UserLock Documentation
UserLock Documentation
You are here: Use cases > Multi-Factor Authentication > How to apply MFA for UAC prompts

How to apply MFA to UAC prompts

This feature is availble from version 12.2. The credential provider must be installed on machines where the elevation of privilege request is made. This means the machine where the user is prompted with UAC must be running Windows 10 build 1809 or Server 2019 or more recent.

Thanks to UserLock’s custom credential provider, you can apply an extra layer of security on elevated privilege requests with MFA on Windows User Account Control (UAC) prompts displayed when launching administrative tasks.

For MFA to be required on these events, Behavior of the elevation prompt for administrators in Admin Approval Mode must be configured to prompt for credentials.

To enforce MFA prompts, you need to configure the MFA settings of the protected account of the privileged user.


The setting for "Connection types" (remote, From outside) is applied to the desktop sessions from where the UAC is prompted. We recommend configuring "All" connection types and "At every logon" for UAC prompts.

These connections are compatible with all MFA methods: Push, TOTP code, and USB keys.