Forum Discussion
Solved
CMMC - does it require MFA at network login?
"NIST 800-171 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts" Some debate inside my company about whether ...
bkaufman There is a strong argument that MFA is applied at the device in order to protect data on the device as well as the local area network. This is especially true for legacy authentication with applications that may not natively support MFA. We have been working with many working groups to gain clarity on the fit for Windows Hello for Business satisfying the device-based MFA, and transitive to remote networks as well.
RichardWakeman
Microsoft
Microsoftbkaufman There is a strong argument that MFA is applied at the device in order to protect data on the device as well as the local area network. This is especially true for legacy authentication with applications that may not natively support MFA. We have been working with many working groups to gain clarity on the fit for Windows Hello for Business satisfying the device-based MFA, and transitive to remote networks as well.
