Get MFA-protected endpoints with ADSelfService Plus

  • Secure your organizational endpoints endpoints like machines, VPNs, OWAs, RDPs, and any RADIUS or IIS-based network endpoints with adaptive MFA.
  • Choose from 20 different authentication methods for your users to verify their identities with.
  • Enable conditional access with conditions like the user's location, IP address, time of access, and device used.
  • Configure different MFA flows for users based on their OU, group, and domain memberships.
MFA-protected endpoints

Salient features of ADSelfService Plus' endpoint MFA capability

MFA for machine logons

Protect logons to Windows, Mac, and Linux workstations and servers with adaptive MFA, which is triggered based on the user account during logon.

Learn more  

Device-based MFA

Safeguard logons to critical machines with adaptive MFA, which is triggered based on the device's policy settings, irrespective of the user logging in to the machine.

Learn more  

Offline MFA

Secure your offline remote users by enabling MFA for offline Windows and macOS machine logons.

Learn more  


Fortify VPN connections to your organization's networks and other network endpoints that use RADIUS with adaptive MFA.

Learn more  


Guard OWA, exchange admin center (EAC), and other IIS web application logons with adaptive MFA.

Learn more  


Secure remote logons to Windows, Mac, and Linux machines with adaptive MFA.

Learn more  


Safeguard privileged system activities with adaptive MFA for the Windows User Account Control (UAC) credential prompt.

Learn more  

ADSelfService Plus'
endpoint MFA in action

Here's how user-based Windows logon MFA works

  • Users logging in to Windows machines first prove their identities using their AD domain credentials.
  • Next, they authenticate themselves using a time-sensitive authentication code sent via SMS or email, biometrics, or through a third-party authentication provider.
  • Depending on the administrator's configurations, they may need to authenticate themselves through one or more methods.
  • Finally, users log in to their Windows machines once they have successfully authenticated themselves.
Learn more
  • Better resilience and reputation

    Keep attackers from exploiting your endpoints and earn a good security repute for your company.

  • Enhanced user experience

    Use different authentication methods for users with different privileges by configuring MFA techniques based on their OU, group, and domain memberships.


Benefits of securing your endpoints using ADSelfService Plus

How to enable MFA for your endpoints with ADSelfService Plus

  • 1

    How to enable MFA for machine logons

    To enable MFA for machine logons you need to install ADSelfService Plus' login agent for Windows, macOS, and Linux.

    View guide  
  • 4


    How to enable MFA for OWA

    With ADSelfService Plus, you can enable MFA for OWA and Exchange Admin Center logons.

    View guide  
  • 2


    How to enable device-based MFA for your machines

    Device-based or machine-based MFA protects business-critical machines by mandating MFA for every user who logs on to the device.

    View guide  
  • 5


    How to enable MFA for RDP

    ADSelfService Plus allows for RDP MFA to be configured in two ways, namely RDP server authentication and RDP client authentication.

    View guide  
  • 3


    How to enable MFA for VPN

    To use VPN MFA you need to configure your VPN or endpoint server to use RADIUS authentication.

    View guide  
  • 6

    How to enable MFA for UAC

    MFA for UAC can be enabled in a few simple steps with ADSelfService Plus.

    View guide  

Guard access to machines,
VPNs, OWAs, and RDPs with adaptive MFA.

  Zoho Corporation Pvt. Ltd. All rights reserved.

Embark on a journey towards identity security and Zero Trust