Authnull Agentless AD
MFA enforcement for Active Directory — without touching a single endpoint.
Active Directory is the identity backbone of your organization. It handles every login, every file share access, every RDP session, every service running in your environment. And by default, none of it requires a second factor.
Authnull Agentless AD closes that gap — without agents, without proxies, and without changing anything about how your users or applications work today.
What It Does
Authnull Agentless AD is a sensor that runs directly on your Domain Controller. It evaluates authentication activity originating from Active Directory and enforces MFA according to configured policy before access is granted.
When someone authenticates against your domain, the real user gets a push notification on their phone. If they approve it, the login goes through; if they deny it, the authentication is blocked before access is granted.
It works across every protocol your domain uses:
- Kerberos — evaluated via Windows Security Event Log and WFP
- NTLM — enforced via SSP DLL inline interception
- RDP — covered via Network Level Authentication
- SMB, LDAP, WMI — covered via network-level enforcement (WinDivert mode)
Why "Agentless"?
Every other AD MFA solution has a dependency hidden in the fine print.
Some require an agent on every workstation. Some require routing your authentication traffic through a proxy. Some require migrating to a cloud identity provider.
Authnull Agentless AD has none of those dependencies. One service on the Domain Controller. That's it. Your endpoints are untouched. Your network topology is unchanged. Your Active Directory configuration is unchanged.
If your DC can run a Windows service, you're protected.
How It Fits Into Your Environment
```
Your Users & Devices
        │
        │  Kerberos / NTLM / RDP / SMB
        ▼
  Domain Controller
        │
        ├──► Authnull Agentless AD Sensor
        │         │
        │         ├── Policy check (local + backend)
        │         ├── MFA push to user's phone
        │         └── Allow / Deny verdict
        │
        ▼
  Active Directory
  (issues ticket only on Allow)
```
The sensor runs on the Domain Controller and makes the enforcement decision before AD completes the authentication. Enforcement uses a combination of the Windows Security Event Log, WFP rules, and an optional SSP DLL depending on the protocols in use.
Key Capabilities
| Capability | Details |
|---|---|
| Agentless | Installs only on the DC — no endpoint software |
| Protocol coverage | Kerberos, NTLM, RDP, SMB, LDAP |
| Real-time enforcement | Auth held until MFA verdict is returned |
| Push MFA | Mobile push notification with login context |
| Monitor mode | Observe without blocking during rollout |
| Conditional access | Risk-based policy from the Authnull backend |
| JIT escalation | Admin approval gate for privileged access |
| Circuit breaker | Fails open safely if backend is unreachable |
| No endpoint deployment | No proxies, no GPO changes, no client config |
Getting Started
New to Authnull Agentless AD? Start here:
- Prerequisites — What you need before installing
- Installation — Step-by-step installation guide
- FAQ — Common questions from admins
Not sure where to start? Run the sensor in monitor mode first. It detects and logs every authentication event without blocking anything. You'll see exactly what's happening in your domain before you enforce a single policy.