Configure Agentless MFA for Endpoint
Prerequisites
- AD Agent Installed - Required for syncing AD Users and Service Accounts.
- Domain-Joined Machines - All Windows endpoints must be domain-joined.
Step 1: Download the File
Download the Agentless MFA setup script and copy it to the Active Directory machine.
Step 2: Install the File
On the Active Directory machine, open a PowerShell window with administrator privileges and run the following command.
.\agentless-install.ps1
After you run the command, the script confirms that the config file was read, downloads SubAuth.dll to System32, sets the registry key 'Authd' to 'SubAuth', and forces a system restart in 10 seconds to apply the changes.
Step 3: Verify Registry Key
Open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 to verify the newly added registry key.
Step 4: View SubAuth.dll File
Navigate to the System32 directory to verify the downloaded SubAuth.dll file is present.
Step 5: Onboard Windows Machines for Agentless MFA
Onboard the Windows machine by selecting Active Directory for the Agentless MFA setup. Navigate to Endpoints > Endpoints > Add Windows Endpoint.
Step 6: Verify Wallet
Check for an MFA push notification in the wallet app.
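The registry and file checks from Steps 3 and 4 can be scripted and run in an elevated PowerShell window after the restart. The following is an added example, not part of the vendor's installer; it uses the value name 'Authd' and data 'SubAuth' as this page states them, and as an addition beyond the page it records the DLL's SHA-256 and Authenticode status so the file can be compared against a known-good copy.

```powershell
# Added example: post-install check for Steps 3 and 4 (not the vendor's code).
# 'Authd' / 'SubAuth' are the value name and data as described on this page.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'Authd'
$Expected  = 'SubAuth'
$DllPath   = Join-Path $env:SystemRoot 'System32\SubAuth.dll'

function Test-AgentlessMfaInstall {
    $result = [ordered]@{
        RegistryValue   = $null; RegistryOk = $false; OtherAuthValues = @()
        DllPresent      = $false; DllSha256 = $null
        SignatureStatus = $null; Signer = $null
    }

    # Step 3: read the value the installer is described as setting.
    $props = Get-ItemProperty -Path $LsaKey -ErrorAction SilentlyContinue
    if ($props) {
        if ($props.PSObject.Properties.Name -contains $ValueName) {
            $result.RegistryValue = $props.$ValueName
            $result.RegistryOk    = ($props.$ValueName -eq $Expected)
        }
        # List other Auth* values in the same key so unexpected entries stand out.
        $result.OtherAuthValues = @($props.PSObject.Properties |
            Where-Object { $_.Name -like 'Auth*' -and $_.Name -ne $ValueName } |
            ForEach-Object { "$($_.Name)=$($_.Value)" })
    }

    # Step 4: confirm the DLL exists, then record its hash and signature state.
    if (Test-Path -LiteralPath $DllPath -PathType Leaf) {
        $result.DllPresent = $true
        $result.DllSha256  = (Get-FileHash -LiteralPath $DllPath -Algorithm SHA256).Hash
        $sig = Get-AuthenticodeSignature -LiteralPath $DllPath
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]$result
}

$check = Test-AgentlessMfaInstall
$check | Format-List
if (-not ($check.RegistryOk -and $check.DllPresent)) {
    Write-Warning "Expected '$ValueName' = '$Expected' and $DllPath were not both found."
}
if ($check.DllPresent -and $check.SignatureStatus -ne 'Valid') {
    # Added check (not stated on the page): flag a DLL without a valid signature.
    Write-Warning "SubAuth.dll signature status is '$($check.SignatureStatus)'; compare the SHA-256 with a known-good copy."
}
```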