Together, the Next-Gen Access Cloud platform and Idaptive Windows Cloud Agent make it easy for you to adopt cloud technology, support your existing IT applications deployed on-premises, and onboard remote employees.
The IT workloads, such as applications and websites, are rapidly moving from on-premises environments and hosting facilities to the cloud. According to a recent estimate, more than 80% of enterprise workloads will be in the cloud by 2020. Along with embracing the cloud, enterprises are increasingly shifting towards a distributed workforce. It is projected that by 2027, freelance workers will be the majority of the U.S. workforce. The combination of these factors requires IT organizations to rethink their approach to identity and access management.
Over the last 20 years, Microsoft Active Directory (AD) has been the de facto technology for centralized user management and authentication. Over 95% of enterprises used AD identity management capabilities in on-premises environments. However, AD is not suitable for addressing the identity and access challenges that come with the shift to the cloud-based infrastructure and distributed workforce. Organizations need to augment their on-premise AD deployments with cloud-centric identity management solutions, such as the Idaptive Next-Gen Access Cloud, that are scalable, can support remote users, and easily integrate with modern applications and protocols.
To this end, we are excited to introduce the new Idaptive Windows Cloud Agent as part of our 19.6 release. Together, the Next-Gen Access Cloud platform and Idaptive Windows Cloud Agent make it easy for you to adopt cloud technology, support your existing IT applications deployed on-premises, and onboard remote employees. With the new Windows Cloud Agent, you can easily join your Windows 10 endpoints to the Idaptive platform, enable end-users to log in to their workstations without direct connectivity to AD, protect login with Adaptive Multi-Factor Authentication, and enforce device-level security policies. Additionally, Windows Cloud Agent provides remote end-users a convenient self-service capability to unlock their accounts, reset their passwords, or set up offline one-time passcodes for secondary authentication.
In this blog post, I help you get started with the new Windows Cloud Agent by answering three main questions:
- What benefits does the Windows Cloud Agent provide?
- What are the key features of Windows Cloud Agent?
- How do I get started?
1. What benefits does the Windows Cloud Agent provide?
With Windows Cloud Agent, you can connect Windows endpoints to the Idaptive platform so that your users can sign in to their devices with their corporate credentials. Below, you can see an example of three Windows endpoints listed in the Admin Portal.
Windows Cloud Agent simplifies enrollment and management of Windows endpoints. You can group endpoints and add access permissions, which automatically provides specific groups, roles, or users the ability to access Windows endpoints managed by Idaptive. For example, you can grant users in the “IT HelpDesk” role the ability to lock, unlock, and remotely wipe Windows machines. In the screenshot below, you can see how permissions can be adjusted for reach of the endpoints.
Windows Cloud Agent also gathers device-level information, such as device name, model, OS settings, and location for each of the enrolled Windows machines. You can use this information to get better visibility into the security posture of your devices or to create conditional access policies. Here is a sample of the information captured for one of the endpoints.
For example, you can create a policy that requires users to pass secondary authentication challenges if the identity cookie is not found on their device.
2. What are the key features of Windows Cloud Agent?
Windows Cloud Agent includes the following key features.
- Adaptive endpoint MFA: With Windows Cloud Agent, you to require remote and local users to pass additional authentication challenges during the process of logging into their Windows devices. Adaptive Multi-Factor Authentication adds an extra layer of protection before access to endpoints is granted. Leveraging device, network, and user behavior context Idaptive intelligently assigns risk to each login request and allows you to create dynamic access policies that are triggered when anomalous behavior is detected.
- MFA grace period: The Multi-Factor Authentication grace period configuration enables you to define a temporary window during which successfully authenticated users can continue to login to their locked devices with only their directory credentials, even if the authentication profile requires additional factors for authentication.
- Offline OTP: Windows Cloud Agent enables users to create an offline one-time password (OTP) passcode. With an offline OTP passcode, users can sign in to their devices protected by Adaptive Multi-Factor Authentication even when they are not connected to the internet.
- Self-service account unlock: With Windows Cloud Agent, users can unlock their directory accounts by successfully passing pre-defined authentication challenges.
- Self-service password reset: Windows Cloud Agent allows end-users to reset their passwords by successfully passing pre-defined authentication challenges.
3. How do I get started?
To get started, log into your Idaptive Portal as an Administrator and switch to the Admin Portal interface.
Once in the Admin Portal, navigate to the Download section on the left side of the menu. Here you’ll find the download link for the new Idaptive Windows Cloud Agent.
After downloading the Windows Cloud Agent, refer to our help documentation to enroll a Windows 10 workstation and assign a test user to the workstation.
Then you can define an endpoint authentication policy, which in turn uses a suitable authentication profile for that user or role. You can use almost all of the existing authentication factors and authentication rules supported by Idaptive on apps portal to configure an Adaptive MFA login to the enrolled workstation.
In this blog post, I introduced the new Windows Cloud Agent and explained its key features and benefits. With Windows Cloud Agent, you can enroll and centrally manage Windows 10 devices, protect login with adaptive MFA, and enforce device-level security policies. To start using Windows Cloud Agent, simply login to your Idaptive tenant and download the agent on to your Windows machine.
*** This is a Security Bloggers Network syndicated blog from Articles authored by Stas Neyman. Read the original post at: https://www.idaptive.com/blog/idaptive-windows-cloud-agent/