Multi-Factor Authentication (MFA) for Windows Login

Secure Windows user logons with UserLock MFA.
Because passwords, even strong passwords, are easy to compromise, multi-factor authentication (MFA) provides an additional layer of security to verify Windows user logons.

  • Reduce risk of data breaches
  • Satisfy compliance and insurance requirements
  • Provide consistent access security, both on and off-site
  • Combine with granular access controls

Free Trial Demo


Multi-factor authentication (MFA)

MFA is a security enhancement that requires a user to submit two or more items of proof (factors) for system access. This additional factor of authentication, beyond the password, provides an additional layer of security before allowing access to the corporate network.

An essential part of a strong identity and access management (IAM) program, MFA is a key defense against a data breach and unauthorized access.

Multi-factor authentication (MFA) on Windows Login

Nearly all cyber attacks rely on some form of access to the network. Since MFA for Windows prevents unauthorized access at the login, it effectively stops attacks before they start.

Verifying the identity of all Active Directory accounts at the logon secures their access to the network, server, and cloud services.

Benefits of UserLock MFA for Windows logins

UserLock supports MFA through authenticator applications, push notifications and hardware tokens and keys. With the option to apply granular settings, admins can define their MFA policy by the type of operating system (workstation or server), the connection type (local or remote), and the frequency of MFA prompts (at every connection, every N days).

UserLock also makes it easy to enable MFA for Windows login, RDP, RD Gateway, VPN, IIS and cloud applications with SAML-based SSO.

Easy deployment alongside on-premise Active Directory

  • Seamless integration with Active Directory, without changing existing schema
  • Quickly configure with the ability to apply MFA by user, group or organizational unit (OU)
  • Easy adoption since you can manage time users have to enroll in MFA, allowing them to temporarily skip configuration for a smooth onboarding process
  • Effective security as UserLock automatically detects new endpoints, from wherever users connect, and immediately applies MFA restrictions
Easy deployment alongside on-premise Active Directory
Granular control over when and how to prompt for MFA

Granular control over when and how to prompt for MFA

  • By connection type (local logins and RDP sessions)
  • By workstation and/or server connections
  • By frequency and circumstances of authentication requests
  • And more...

MFA for all conditions

  • Secure on-site user access for logins at the local console
  • Secure remote user access via Remote Desktop (RDP) connections, Windows VPN, and VDI
  • Enforce offline MFA even when users’ devices aren’t connected to the internet, allowing authentication via hardware tokens or keys, authenticator applications or TOTP codes
  • Enable off-domain MFA for remote users not connected to the LAN. Even when users don’t connect to the corporate network and/or don’t use a VPN, UserLock can still require MFA thanks to UserLock Anywhere
MFA for all conditions
MFA on all connection types

MFA on all connection types

  • MFA for IIS: Secures user logons to Microsoft IIS sessions such as OWA and RDWeb
  • MFA for VPN: Secure user identities and protect access to sensitive data with MFA security for VPN connections
  • MFA for RDP & RD Gateway: Secure user logons via Remote Desktop, RD Gateway and RDP on Windows machines
  • MFA for Offline & Off-network: Secure offline, off-domain Windows Active Directory user logins
  • MFA for SaaS: Secure user access to cloud applications with Saml-based single sign-on
Choose up to two MFA methods for your team UserLock Push notification

Choose up to two MFA methods for your team

Looking for different MFA methods for remote vs. on-site employees? Want to give your users flexibility to authenticate in the way that’s best suited to their role? UserLock gives you the ability to set up two different MFA methods for your team, including:

  • Push notifications
  • Hardware tokens and keys
  • Authenticator apps
Secure Remote Access

Learn more about Securing Remote Access

How UserLock helps ensure Multi-Factor Authentication for Remote Working.


Request a personalized demo now

Discover how UserLock can help you meet your needs.