- Free Edition
- Quick Links
- Multi-factor authentication
- Active Directory MFA
- Endpoint MFA
- Windows login MFA
- Two-factor authentication
- Conditional access
- Offline MFA
- FIDO2 MFA
- Passwordless authentication
- MFA for VPN logons
- MFA for OWA logons
- MFA for Microsoft 365 users
- MFA for UAC
- MFA for remote and local macOS logons
- MFA for remote and local Linux logons
- MFA for Windows servers
- MFA for RDP
- Device-based MFA
- MFA for cloud apps
- Phishing-resistant MFA
- Adaptive MFA
- Password management
- Self-service password reset
- Self-service account unlock
- Password expiration notifications
- Password synchronization
- Password policy enforcer
- Web-based domain password change
- Cached credentials update
- Reporting and auditing
- Password self-service from logon screens
- Help-desk-assisted password reset
- Mobile password management
- Password security and compliance
- Password management and security
- Single sign-on
- Remote work enablement
- Enterprise self-service
- Reporting and auditing
- Zero trust
- Integrations
- Security
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
What is the Essential Eight?
The Essential Eight, published in 2017, is an Australian cybersecurity framework developed and maintained by the Australian Signals Directorate (ASD). It was enacted to protect organizations from potential online threats and cyberattacks. The Essential Eight regulations are applicable across a broad spectrum of networks, systems, and applications in the digital world.
The Essential Eight compliance mandates provide a robust cybersecurity strategy for businesses, divided across three primary objectives: prevention of cyberattacks, limiting the impact of cyberattacks, and data recovery and system availability.
What are the Essential Eight Security Controls?
The following are the latest Essential Eight Security Controls:
Preventing cyberattacks
- Patch applications
- Application control
- User application hardening
- Restrict Microsoft Office macros
Limiting the impact of cyberattacks
- Patch operating systems
- Restrict administrative privileges
- Multi-factor authentication (MFA)
Data recovery and system availability
- Regular backups
What is the Essential Eight Maturity Model?
The ASD has defined four maturity levels, Maturity Level Zero through Maturity Level Three, to help organizations implement the Essential Eight Security Controls systematically. These maturity levels (excluding Maturity Level Zero) provide increasing levels of cyberattack mitigation strategies for organizations to implement based on the perceived levels of attack techniques targeted at them by cybercriminals. Organizations are expected to implement each maturity level progressively as the goal of a previous maturity level has been reached.
The following table states the MFA requirements found in each maturity level and how ADSelfService Plus helps your organization comply with them.
| MFA: Maturity Level One | |
| Mitigation strategy description | How ADSelfService Plus helps meet the strategy |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA: Maturity Level Two | |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA is used to authenticate privileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate unprivileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart cards, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA used for authenticating users of online services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of online services. |
| MFA used for authenticating customers of online customer services provides a phishing-resistant option. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate customers of online customer services. |
| MFA used for authenticating users of systems is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of systems. |
| Successful and unsuccessful MFA events are centrally logged. | ADSelfService Plus generates detailed MFA audit reports to monitor and log the status of each MFA attempt made by users. |
| MFA: Maturity Level Three | |
| MFA is used to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online services that process, store, or communicate their organization’s sensitive data. |
| MFA is used to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s sensitive data. |
| MFA (where available) is used to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online services that process, store, or communicate their organization’s non-sensitive data. |
| MFA is used to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to their organization’s online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate users to third-party online customer services that process, store, or communicate their organization’s sensitive customer data. |
| MFA is used to authenticate customers to online customer services that process, store, or communicate sensitive customer data. | ADSelfService Plus provides strong MFA methods, such as biometrics, YubiKey, and FIDO passkeys, to authenticate customers to online customer services that process, store, or communicate sensitive customer data. |
| MFA is used to authenticate privileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate unprivileged users of systems. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with varying privilege levels can be authenticated with appropriate MFA factors. |
| MFA is used to authenticate users of data repositories. | With ADSelfService Plus, you can enable custom MFA methods for users belonging to a particular OU or group. This way, users with access to data repositories can be authenticated with appropriate MFA factors. |
| MFA uses either: something users have and something users know, or something users have that is unlocked by something users know or are. | ADSelfService Plus provides 20 different authentication methods, which include something users have, such as smart card, TOTPs, and YubiKeys; something users know, such as security questions and strong passwords; and something users are, such as biometric and FIDO2 authentication. |
| MFA used for authenticating users of online services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of online services. |
| MFA used for authenticating customers of online customer services is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate customers of online customer services. |
| MFA used for authenticating users of systems is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of systems. |
| MFA used for authenticating users of data repositories is phishing-resistant. | ADSelfService Plus provides the phishing-resistant FIDO passkeys authenticator to authenticate users of data repositories. |
| Successful and unsuccessful MFA events are centrally logged. | ADSelfService Plus generates detailed MFA audit reports to monitor and log the status of each MFA attempt made by users. |
Make your organization adhere to the Essential Eight strategies with ADSelfService Plus
ADSelfService Plus offers strong adaptive MFA capabilities that can help your organization comply with the Essential Eight Security Control objective of limiting the impact of cyberattacks:
- MFA for applications and endpoints: Secure user access to organizational data by enabling MFA for endpoints such as machines, enterprise applications, VPNs, RDPs, and OWAs.
- Multiple MFA authenticators: Choose from a range of 20 different MFA authenticators, like FIDO passkeys, biometrics, and YubiKey authenticator, to verify users' identities.
- Easy configuration: Simplify the MFA enrollment process for both admins and users using quick enrollment options, like email or push notifications and CSV file imports, and enforce different MFA methods for users based on OUs and groups.
- Customizable trust settings: Customize MFA trust settings to allow users to establish a trusted browser or device, enabling them to skip MFA for a limited number of days to save time.
MFA
1
Secure user access to all enterprise applications and endpoints in your network using MFA.
2
Choose from 20 different authenticators to verify your users' identities.
3
Set up different MFA flows for different groups or departments in your organization.
Secure user access to all enterprise applications and endpoints in your network using MFA.
Choose from 20 different authenticators to verify your users' identities.
Set up different MFA flows for different groups or departments in your organization.
Benefits of using ADSelfService Plus to comply with the Essential Eight
- Increased password security
Apart from MFA, ensure all-around protection from cyberattacks with the help of strong password policiesthat enforce passphrases and restrict common patterns from passwords.
- Strong MFA techniques
Implement adaptive MFA techniques, like conditional access and customizable trust options, to authenticate users based on their location, IP address, and device type.
- Fine-grained flexibility
Enforce different MFA settings for users with varying levels of access to sensitive organizational data based on their OUs or groups.
- Compliance with regulatory standards
Deploying FIDO2 authentication with ADSelfService Plus ensures compliance with regulatory standards such as the NIST Cybersecurity Framework, HIPAA, the PCI DSS, and the PSD2.
Highlights of ADSelfService Plus
Password self-service
Unburden Windows AD users from lengthy help desk calls by empowering them with self-service password reset and account unlock capabilities.
Multi-factor authentication
Enable context-based MFA with 20 different authentication factors for endpoint, application, VPN, OWA, and RDP logins.
One identity with single sign-on
Get seamless one-click access to more than 100 cloud applications. With enterprise single sign-on (SSO), users can access all their cloud applications using their Windows AD credentials.
Password and account expiry notifications
Notify Windows AD users of their impending password and account expiry via email and SMS notifications.
Password synchronization
Synchronize Windows AD user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Password policy enforcer
Strong passwords resist various hacking threats. Enforce Windows AD users to adhere to compliant passwords by displaying password complexity requirements.
