The Background
Following a strategic decision to accredit the organisation for Cyber Essentials Plus and to align with an upcoming regulatory compliance requirement, a stringent audit was carried out. One of the key outcomes of this audit was that multi-factor authentication (MFA) needed to be implemented for all system logins whether that is desktop, laptop or server (accessed via remote desktop).
Having a long-standing relationship with this company, we were asked to provide advice and implementation of a recommended solution.
To satisfy all the requirements in this scenario, and based on licensing and technical infrastructure factors, we determined that Windows Hello for Business would be the best solution with the least friction for the users and admins. In addition, we initially identified the Remote Credential Guard feature to support the remote desktop login to servers.