- Free Edition
- Quick Links
- Multi-factor authentication
- Adaptive MFA
- Active Directory MFA
- Conditional access
- Passwordless authentication
- Endpoint MFA
- MFA for remote and local Windows logons
- MFA for Windows servers
- MFA for remote and local macOS logons
- MFA for remote and local Linux logons
- MFA for VPN logons
- MFA for OWA logons
- MFA for RDP
- Offline MFA
- MFA for UAC
- Device-based MFA
- MFA for cloud apps
- MFA for Microsoft 365 users
- Phishing-resistant MFA
- Password management
- Password management and security
- Self-service password reset
- Self-service account unlock
- Web-based domain password change
- Password expiration notifications
- Password synchronization
- Password policy enforcer
- Cached credentials update
- Reporting and auditing
- Password self-service from logon screens
- Help-desk-assisted password reset
- Mobile password management
- Password security and compliance
- Single sign-on
- Remote work enablement
- Enterprise self-service
- Reporting and auditing
- Zero trust
- Integrations
- Security
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
What is the Essential Eight?
The Essential Eight, published in 2017, is an Australian cybersecurity framework developed and maintained by the Australian Signals Directorate (ASD). It was enacted to protect organizations from potential online threats and cyberattacks. The Essential Eight regulations are applicable across a broad spectrum of networks, systems, and applications in the digital world.
The Essential Eight compliance mandates provide a robust cybersecurity strategy for businesses, divided across three primary objectives: prevention of cyberattacks, limiting the impact of cyberattacks, and data recovery and system availability.
What are the Essential Eight Security Controls?
The following are the latest Essential Eight Security Controls:
Preventing cyberattacks
- Patch applications
- Application control
- User application hardening
- Restrict Microsoft Office macros
Limiting the impact of cyberattacks
- Patch operating systems
- Restrict administrative privileges
- Multi-factor authentication (MFA)
Data recovery and system availability
- Regular backups
What is the Essential Eight Maturity Model?
The ASD has defined four maturity levels, Maturity Level Zero through Maturity Level Three, to help organizations implement the Essential Eight Security Controls systematically. These maturity levels (excluding Maturity Level Zero) provide increasing levels of cyberattack mitigation strategies for organizations to implement based on the perceived levels of attack techniques targeted at them by cybercriminals. Organizations are expected to implement each maturity level progressively as the goal of a previous maturity level has been reached.
The following table states the MFA requirements found in each maturity level and how ADSelfService Plus helps your organization comply with them.
| MFA: Maturity Level One | |
| Mitigation strategy description | How ADSelfService Plus helps meet the strategy |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA: Maturity Level Two | |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA is used to authenticate privileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate unprivileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA used for authenticating users of online services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of online services. |
| MFA used for authenticating customers of online customer services provides a phishing-resistant option. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate customers of online customer services. |
| MFA used for authenticating users of systems is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of systems. |
| Successful and unsuccessful MFA events are centrally logged. | ADSelfService Plus generates detailed MFA audit reports to monitor and log the status of each MFA attempt made by users. |
| MFA: Maturity Level Three | |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA is used to authenticate privileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate unprivileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate users of data repositories. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with access to data repositories can be authenticated with appropriate MFA factors. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart card, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA used for authenticating users of online services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of online services. |
| MFA used for authenticating customers of online customer services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate customers of online customer services. |
| MFA used for authenticating users of systems is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of systems. |
| MFA used for authenticating users of data repositories is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of data repositories. |
| Successful and unsuccessful MFA events are centrally logged. | ADSelfService Plus generates detailed MFA audit reports to monitor and log the status of each MFA attempt made by users. |
Make your organization adhere to the Essential Eight strategies with ADSelfService Plus
ADSelfService Plus offers strong adaptive MFA capabilities that can help your organization comply with the Essential Eight Security Control objective of limiting the impact of cyberattacks:
- MFA for applications and endpoints: Secure user access to organizational data by enabling MFA for endpoints such as machines, enterprise applications, VPNs, RDPs, and OWAs.
- Multiple MFA authenticators: Choose from a range of 20 different MFA authenticators, like FIDO passkeys, biometrics, and YubiKey authenticator, to verify users' identities.
- Easy configuration: Simplify the MFA enrollment process for both admins and users using quick enrollment options, like email or push notifications and CSV file imports, and enforce different MFA methods for users based on OUs and groups.
- Customizable trust settings: Customize MFA trust settings to allow users to establish a trusted browser or device, enabling them to skip MFA for a limited number of days to save time.
MFA
Secure user access to all enterprise applications and endpoints in your network using MFA.
Choose from 20 different authenticators to verify your users' identities.
Set up different MFA flows for different groups or departments in your organization.
Secure user access to all enterprise applications and endpoints in your network using MFA.
Choose from 20 different authenticators to verify your users' identities.
Set up different MFA flows for different groups or departments in your organization.
Benefits of using ADSelfService Plus to comply with the Essential Eight
- Increased password security
Apart from MFA, ensure all-around protection from cyberattacks with the help of strong password policiesthat enforce passphrases and restrict common patterns from passwords.
- Strong MFA techniques
Implement adaptive MFA techniques, like conditional access and customizable trust options, to authenticate users based on their location, IP address, and device type.
- Fine-grained flexibility
Enforce different MFA settings for users with varying levels of access to sensitive organizational data based on their OUs or groups.
- Compliance with regulatory standards
Deploying FIDO2 authentication with ADSelfService Plus ensures compliance with regulatory standards such as the NIST Cybersecurity Framework, HIPAA, the PCI DSS, and the PSD2.
Highlights
Password self-service
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
One identity with Single sign-on
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Password/Account Expiry Notification
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Password Synchronizer
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Password Policy Enforcer
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Directory Self-Update & Corporate Directory Search
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.
