
Configure Agentless MFA for Windows

Prerequisites

  • AD Agent Installed - Required for syncing AD Users and Service Accounts.
  • Domain-Joined Machines - All Windows endpoints must be domain-joined.

Step 1: Download the File

Download the Agentless MFA setup script and copy it to the Active Directory machine.


Step 2: Install the File

On the Active Directory machine, open a PowerShell window with administrator privileges and run the following command.

.\agentless-install.ps1


After the command runs, the script confirms that the config file was read, downloads SubAuth.dll to System32, sets the registry key 'Authd' to 'SubAuth', and forces a system restart in 10 seconds to apply the changes.

Step 3: Verify Registry Key

Open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 to verify the newly added registry key.


Step 4: View SubAuth.dll File

Navigate to the System32 directory and verify that the downloaded SubAuth.dll file is present.

Step 5: Onboard Windows Machines for Agentless MFA

Onboard the Windows machine by selecting Active Directory for the agentless MFA setup. Navigate to Endpoints > Endpoints > Add Windows Endpoint.

Step 6: Verify Wallet

Check for an MFA push notification in the wallet app.
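
The checks in Steps 3 and 4 can also be scripted. The following is an added example, not part of the vendor's installer: it reads the 'Authd' value named in Step 2, confirms SubAuth.dll is in System32, and reports the DLL's SHA-256 hash and Authenticode signer. The $ExpectedSha256 parameter is hypothetical and only useful if the vendor publishes a hash, and a signed DLL is likewise an assumption.

```powershell
# Added example: scripted version of the Step 3 and Step 4 checks.
# Save as a .ps1 file and run it in an elevated PowerShell session on the Active Directory machine.
param(
    [string]$ValueName      = 'Authd',    # value name as stated in Step 2
    [string]$ExpectedData   = 'SubAuth',  # value data as stated in Step 2
    [string]$ExpectedSha256 = ''          # hypothetical: vendor-published hash, if one exists
)

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$dllPath = Join-Path $env:SystemRoot 'System32\SubAuth.dll'
$ok      = $true

# Step 3: the registry value must exist and hold the expected data.
$actual = (Get-ItemProperty -Path $lsaKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ($actual -eq $ExpectedData) {
    Write-Host "[OK]   $ValueName = $actual"
} else {
    Write-Warning "$ValueName is '$actual', expected '$ExpectedData'"
    $ok = $false
}

# Step 4: the DLL must be present. It is loaded during logon processing,
# so also record its hash and signer for change tracking.
if (Test-Path -LiteralPath $dllPath -PathType Leaf) {
    $hash = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $dllPath
    Write-Host "[OK]   Found $dllPath"
    Write-Host "       SHA256:    $hash"
    Write-Host "       Signature: $($sig.Status) $($sig.SignerCertificate.Subject)"

    # Assumption: the vendor signs the DLL. Reported as a warning only.
    if ($sig.Status -ne 'Valid') {
        Write-Warning 'SubAuth.dll has no valid Authenticode signature'
    }
    # Compare against a known-good hash only when one was supplied.
    if ($ExpectedSha256 -and $hash -ne $ExpectedSha256) {
        Write-Warning 'SubAuth.dll hash does not match the expected value'
        $ok = $false
    }
} else {
    Write-Warning "SubAuth.dll not found at $dllPath"
    $ok = $false
}

if (-not $ok) { exit 1 }
```

The script exits with code 1 when the registry value or the DLL check fails, so it can be reused as a periodic integrity check on the machine.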

