Strong authentication is possible from Windows clients at the UW. There are a variety of options depending on the specific scenario.
- 2FA with a web-based application
  - Personal UW NetIDs: On a per-user basis, you can enable Duo via ‘Opt in to use 2FA on the Web’. This will enable 2FA for all web applications that use Entra ID or Shibboleth for authentication.
  - Admin UW NetIDs: You can require Duo for all Entra ID applications via a special opt-in process.
  - In some cases, Azure MFA (as opposed to Duo) may be required to sign in to resources hosted in another organization’s Entra ID tenant. Users can set up Azure MFA on their account by adding Additional Verification methods.
- Interactive sign-in to a Windows device
  - NETID domain-joined computers
    - Can be configured to use Windows Hello for Business
    - Can be configured to use FIDO2-based sign-in
  - UW Entra ID joined computers
    - Can be configured to use Windows Hello for Business
    - Can be configured to use FIDO2-based sign-in
Windows computers that are joined to a departmental Active Directory or another Entra ID tenant are subject to whatever capabilities are provided by those units; UW-IT can’t provide strong authentication capabilities for them due to the decision not to leverage UW-IT provided services.