{"id":16711,"date":"2026-05-18T09:47:45","date_gmt":"2026-05-18T09:47:45","guid":{"rendered":"https:\/\/www.protectimus.com\/?page_id=16711"},"modified":"2026-06-03T16:52:23","modified_gmt":"2026-06-03T16:52:23","slug":"mfa-for-active-directory","status":"publish","type":"page","link":"https:\/\/www.protectimus.com\/ru\/mfa-for-active-directory\/","title":{"rendered":"MFA for Active Directory"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"16711\" class=\"elementor elementor-16711\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-223acb9 padded e-flex e-con-boxed e-con e-parent\" data-id=\"223acb9\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e4740cc elementor-widget elementor-widget-heading\" data-id=\"e4740cc\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">MFA for Active Directory: Complete Guide to Securing Your AD Environment<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-045bb52 e-con-full e-flex e-con e-child\" data-id=\"045bb52\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-b4a66c0 e-con-full e-flex e-con e-child\" data-id=\"b4a66c0\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d41dfc9 elementor-widget elementor-widget-text-editor\" data-id=\"d41dfc9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Active Directory is the backbone of identity management in over 90% of Fortune 1000 companies \u2014 and it is also one of the most targeted systems in modern cyberattacks. 
A compromised AD account gives attackers access to everything: file servers, email, VPNs, cloud services, and internal applications. Passwords alone are no longer sufficient protection. Multi-factor authentication for Active Directory adds a critical second layer of verification that stops credential-based attacks even when passwords are stolen.<\/span><\/p><p data-start=\"102\" data-end=\"282\"><b>Quick answer: <\/b><span style=\"font-weight: 400;\">MFA for Active Directory requires users to verify their identity with a second factor \u2014 typically a one-time password (OTP) \u2014 in addition to their standard password. Protectimus implements this via its <a href=\"https:\/\/www.protectimus.com\/ru\/dspa\/\" target=\"_blank\" rel=\"noopener\">DSPA (Dynamic Strong Password Authentication)<\/a> component, which integrates directly with AD and automatically enforces MFA across all connected services \u2014 Winlogon, RDP, OWA, ADFS \u2014 without installing agents on every endpoint.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7332fbc e-con-full e-flex e-con e-child\" data-id=\"7332fbc\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4b0f868 elementor-widget elementor-widget-heading\" data-id=\"4b0f868\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Table of Contents\n<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4b78b60 elementor-widget elementor-widget-text-editor\" data-id=\"4b78b60\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#whyactive\"><span style=\"font-weight: 400;\">Why Active Directory Needs MFA in 2026<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#howmfaactivedir\"><span style=\"font-weight: 400;\">How MFA for Active Directory Works<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#protectimusdspa\"><span style=\"font-weight: 400;\">Protectimus DSPA: The Unique Approach to AD MFA<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#supportedmfa\"><span style=\"font-weight: 400;\">Supported MFA Methods for Active Directory<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#protectedautomat\"><span style=\"font-weight: 400;\">What Services Get Protected Automatically<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#activemfaforadfs\"><span style=\"font-weight: 400;\">Active Directory MFA for ADFS<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#deployoptions\"><span style=\"font-weight:
400;\">Deployment Options: Cloud vs On-Premise<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#multidomain\"><span style=\"font-weight: 400;\">Multidomain and Enterprise Environments<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#howtosetup\"><span style=\"font-weight: 400;\">How to Set Up MFA for Active Directory with Protectimus<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#faq\"><span style=\"font-weight: 400;\">FAQ<\/span><\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#conclusion\"><span style=\"font-weight: 400;\">Conclusion: Securing Active Directory with MFA in 2026<\/span><\/a><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-cdef92e padded e-flex e-con-boxed e-con e-parent\" data-id=\"cdef92e\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-56c84d1 elementor-widget elementor-widget-heading\" data-id=\"56c84d1\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Key facts\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bff780b elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"bff780b\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d391a8f e-grid e-con-boxed e-con e-child\" data-id=\"d391a8f\" 
data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-64a96a2 border-left e-flex e-con-boxed e-con e-child\" data-id=\"64a96a2\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4dfef98 elementor-widget elementor-widget-heading\" data-id=\"4dfef98\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">99.9% of attacks blocked by MFA<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0cc1bea elementor-widget elementor-widget-heading\" data-id=\"0cc1bea\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Microsoft<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f5e29e2 elementor-widget elementor-widget-text-editor\" data-id=\"f5e29e2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">According to Microsoft, over 99.9% of account compromise attacks can be blocked by MFA<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-f5947b8 border-left e-flex e-con-boxed e-con e-child\" data-id=\"f5947b8\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fa74c1f elementor-hidden-desktop elementor-hidden-tablet elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"fa74c1f\" data-element_type=\"widget\" 
data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-47e43b7 elementor-widget elementor-widget-heading\" data-id=\"47e43b7\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">$4.4M average breach cost in 2026<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb629a4 elementor-widget elementor-widget-heading\" data-id=\"fb629a4\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">IBM <\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085769 elementor-widget elementor-widget-text-editor\" data-id=\"8085769\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The average cost of a data breach in 2026 reached approximately $4.4 million (IBM Cost of a Data Breach Report 2026)<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6c866e elementor-hidden-desktop elementor-hidden-tablet elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"c6c866e\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span 
class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5c0d1fa border-left e-flex e-con-boxed e-con e-child\" data-id=\"5c0d1fa\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d45db87 elementor-widget elementor-widget-heading\" data-id=\"d45db87\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">60% of breaches involve credentials<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-344d455 elementor-widget elementor-widget-heading\" data-id=\"344d455\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Verizon<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a4d317 elementor-widget elementor-widget-text-editor\" data-id=\"3a4d317\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">60% of breaches involve the human element \u2014 primarily credential abuse and phishing (Verizon 2026 DBIR)<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-0ae1e9a padded e-flex e-con-boxed e-con e-parent\" data-id=\"0ae1e9a\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e899921 elementor-widget 
elementor-widget-heading\" data-id=\"e899921\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Key Takeaways<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-86d1b8b elementor-widget elementor-widget-spacer\" data-id=\"86d1b8b\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9d5e935 e-grid e-con-full e-con e-child\" data-id=\"9d5e935\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-12e9470 e-con-full e-flex e-con e-child\" data-id=\"12e9470\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8644d62 elementor-widget elementor-widget-image\" data-id=\"8644d62\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"56\" height=\"56\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-shield.svg\" class=\"attachment-full size-full wp-image-14553\" alt=\"On-Prem MFA Platform - icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-317cba7 elementor-widget elementor-widget-heading\" data-id=\"317cba7\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">One Integration, Full Coverage<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element 
elementor-element-d96a026 elementor-widget elementor-widget-text-editor\" data-id=\"d96a026\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>DSPA secures Active Directory at the directory level, not the endpoint. One integration automatically protects Winlogon, RDP, OWA, ADFS, and LDAP simultaneously.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-68b5ae8 e-con-full e-flex e-con e-child\" data-id=\"68b5ae8\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8b57400 elementor-widget elementor-widget-image\" data-id=\"8b57400\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"56\" height=\"40\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/03\/icon-cloud-56.svg\" class=\"attachment-full size-full wp-image-12530\" alt=\"Cloud-Based MFA Service icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-767e2aa elementor-widget elementor-widget-heading\" data-id=\"767e2aa\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">No Software on User PCs<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d73153e elementor-widget elementor-widget-text-editor\" data-id=\"d73153e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>No client-side agents required. 
DSPA is the only agentless MFA for Active Directory that covers every AD-connected service without touching user endpoints.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9d3b5b8 e-con-full e-flex e-con e-child\" data-id=\"9d3b5b8\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-89d54f8 elementor-widget elementor-widget-image\" data-id=\"89d54f8\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"57\" height=\"56\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2026\/05\/plat_new.svg\" class=\"attachment-full size-full wp-image-16520\" alt=\"On-premise MFA platform icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f7f585d elementor-widget elementor-widget-heading\" data-id=\"f7f585d\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">On-Premise or Private Cloud<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aff0db8 elementor-widget elementor-widget-text-editor\" data-id=\"aff0db8\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Deploy on local infrastructure or in your private cloud for full data sovereignty, isolated network support, and regulatory compliance.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9ddacc7 e-con-full e-flex e-con e-child\" data-id=\"9ddacc7\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-82d1654 elementor-widget 
elementor-widget-image\" data-id=\"82d1654\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"56\" height=\"56\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-check.svg\" class=\"attachment-full size-full wp-image-12461\" alt=\"Customer Stories section icon \u2013 real-life client experiences\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb78c60 elementor-widget elementor-widget-heading\" data-id=\"eb78c60\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Audit-Ready Out of the Box<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ee318b2 elementor-widget elementor-widget-text-editor\" data-id=\"ee318b2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>OATH-certified solution aligned with PCI DSS v4.0, HIPAA, NIST SP 800-63B, SOC 2, and ISO 27001 requirements.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-cb9fab9 e-con-full e-flex e-con e-child\" data-id=\"cb9fab9\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1b3c387 elementor-widget elementor-widget-image\" data-id=\"1b3c387\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/07\/clock.svg\" class=\"attachment-full size-full wp-image-12911\" 
alt=\"Time-Controlled Resource Access icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-84c6048 elementor-widget elementor-widget-heading\" data-id=\"84c6048\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Fast-Track Rollout<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1abcc56 elementor-widget elementor-widget-text-editor\" data-id=\"1abcc56\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Typical end-to-end rollout takes 1\u20132 days \u2014 from platform setup to organization-wide MFA across all AD services.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7c15682 e-con-full e-flex e-con e-child\" data-id=\"7c15682\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ffb514c elementor-widget elementor-widget-image\" data-id=\"ffb514c\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"56\" height=\"56\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-srv.svg\" class=\"attachment-full size-full wp-image-14579\" alt=\"Protectimus Windows &amp; RDP MFA integration icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3382fca elementor-widget elementor-widget-heading\" data-id=\"3382fca\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title 
elementor-size-default\">Scale Without Limits<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-785b26a elementor-widget elementor-widget-text-editor\" data-id=\"785b26a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Supports multidomain forests, clustering, group-based MFA policies, and high-availability deployments with automatic failover.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-30a9584 elementor-widget elementor-widget-spacer\" data-id=\"30a9584\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5b50e5c padded e-flex e-con-boxed e-con e-parent\" data-id=\"5b50e5c\" data-element_type=\"container\" id=\"whyactive\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-28b1e56 e-con-full e-flex e-con e-child\" data-id=\"28b1e56\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a6f90e4 elementor-widget elementor-widget-heading\" data-id=\"a6f90e4\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why Active Directory Needs MFA in 2026<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9d2498b elementor-widget elementor-widget-text-editor\" data-id=\"9d2498b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Active Directory is the single most valuable target in any corporate network \u2014 and password-only protection leaves it critically exposed. Deploying two-factor authentication for Active Directory is no longer optional for any organization handling sensitive data.<\/span><\/p><p><span style=\"font-weight: 400;\">Active Directory stores user credentials, group policies, access rights, and authentication data for every system in the organization. When an attacker gains access to even one privileged AD account, they can move laterally across the entire infrastructure, escalate privileges, exfiltrate data, and deploy ransomware \u2014 all using legitimate credentials that bypass most security controls.<\/span><\/p><p><span style=\"font-weight: 400;\">The scale of the problem is well-documented:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><b>60% of breaches involve the human element<\/b><span style=\"font-weight: 400;\">, with stolen credentials remaining the leading initial access vector, according to the Verizon 2026 Data Breach Investigations Report<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Pass-the-hash and pass-the-ticket attacks<\/b><span style=\"font-weight: 400;\"> specifically target Active Directory authentication tokens, allowing attackers to authenticate without knowing the actual password<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Kerberoasting<\/b><span style=\"font-weight: 400;\"> \u2014 an attack technique targeting AD service accounts \u2014 continues to grow year-over-year, according to CrowdStrike&#8217;s 2026 Global Threat Report<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Brute force attacks against RDP and Winlogon<\/b><span style=\"font-weight: 400;\"> \u2014 both AD-authenticated \u2014 account for a significant portion of initial access in ransomware 
incidents<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>DCSync and Golden Ticket attacks<\/b><span style=\"font-weight: 400;\"> allow adversaries who reach a domain controller to extract or forge authentication material \u2014 risks that static AD credentials alone cannot mitigate<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">The fundamental problem is architectural: AD was designed in an era when the corporate perimeter was clearly defined. Today, with remote work, cloud services, and contractor access, that perimeter no longer exists. Credentials can be phished, stolen via malware, exposed in third-party breaches, or guessed through brute force.<\/span><\/p><p><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/solutions\/\" target=\"_blank\" rel=\"noopener\">Multi-factor authentication<\/a> significantly reduces the risk of stolen credentials by requiring a second factor that attackers cannot obtain remotely. Even if a password is compromised, the account remains inaccessible without access to the user\u2019s authenticator app or another second authentication factor.<\/span><\/p><p><span style=\"font-weight: 400;\">The challenge, historically, has been implementing AD 2FA across the full environment without disrupting existing workflows or requiring massive infrastructure changes. 
This is precisely the problem that Protectimus DSPA was built to solve.<\/span><\/p><p>For a real-world example, see <a href=\"https:\/\/www.protectimus.com\/ru\/blog\/customer-stories-dxc-technology-2fa\/\" target=\"_blank\" rel=\"noopener\">how DXC Technology deployed Protectimus DSPA across all AD-connected services<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d57877c padded e-flex e-con-boxed e-con e-parent\" data-id=\"d57877c\" data-element_type=\"container\" id=\"howmfaactivedir\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-1698709 e-con-full e-flex e-con e-child\" data-id=\"1698709\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-88c2197 elementor-widget elementor-widget-heading\" data-id=\"88c2197\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How MFA for Active Directory Works<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-83f93dd elementor-widget elementor-widget-text-editor\" data-id=\"83f93dd\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Active Directory two-factor authentication works either by adding a second verification step to the standard AD authentication flow or by replacing the standard AD password with a dynamic one-time password during authentication.<\/span><\/p><p><span style=\"font-weight: 400;\">The standard AD authentication process involves a user entering their username and password, which AD validates against its database.
With MFA enabled, authentication is performed using a time-based one-time password (TOTP) generated by an authenticator app or delivered via a chatbot.<\/span><\/p><p><span style=\"font-weight: 400;\">There are two fundamental approaches to implementing this:<\/span><\/p><h3><b>Approach 1: Endpoint-based MFA agents<\/b><\/h3><p><span style=\"font-weight: 400;\">Traditional MFA solutions install software agents on each workstation, server, or application. When a user authenticates, the agent intercepts the request and prompts for a second factor. This approach has significant drawbacks:<\/span><\/p><table><thead><tr><th><p><b>Limitation<\/b><\/p><\/th><th><p><b>Impact<\/b><\/p><\/th><\/tr><\/thead><tbody><tr><td><p><span style=\"font-weight: 400;\">Agent must be installed on every endpoint<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">High deployment overhead<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Each application may need a separate integration<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Multiple MFA solutions required<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Agents require regular updates and maintenance<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Ongoing administrative burden<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Offline scenarios require special handling<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Complex edge cases<\/span><\/p><\/td><\/tr><\/tbody><\/table><h3><b>Approach 2: Directory-level MFA (Protectimus DSPA)<\/b><\/h3><p><span style=\"font-weight: 400;\">Protectimus DSPA integrates directly with Active Directory at the directory level \u2014 not at the endpoint or application level. 
Instead of adding a separate authentication step, DSPA dynamically replaces users&#8217; static passwords in AD with time-based one-time passwords.<\/span><\/p><p><span style=\"font-weight: 400;\">Users generate OTPs using the Protectimus SMART authenticator app or chatbots in Telegram, Viber, or Facebook Messenger. Since access to the app or messenger can be additionally protected with a PIN code or biometrics, the login process gains an additional layer of security without requiring extra software on endpoints.<\/span><\/p><p><span style=\"font-weight: 400;\">From the user&#8217;s perspective, they simply enter the current OTP. From AD&#8217;s perspective, this temporary code becomes the valid password, which automatically changes according to the configured rotation interval.<\/span><\/p><p><span style=\"font-weight: 400;\">This approach means that any service connected to Active Directory \u2014 Winlogon, RDP, OWA, ADFS, and more \u2014 automatically inherits MFA protection without any additional integration work.<\/span><\/p><h3><b>Where TOTP fits alongside FIDO2 and passwordless authentication<\/b><\/h3><p><span style=\"font-weight: 400;\">A reasonable question in 2026 is how TOTP-based MFA for Active Directory relates to newer phishing-resistant methods like FIDO2, WebAuthn, and passkeys. The practical answer: on-premise Active Directory environments \u2014 especially legacy services like Winlogon, RDP, LDAP, and command-line AD access \u2014 do not natively support FIDO2 across all entry points. TOTP-based MFA via DSPA closes those gaps today, working uniformly across every AD-authenticated service, including ones that will likely never see native FIDO2 support. 
Many enterprises deploy DSPA for broad AD coverage and use FIDO2 selectively for high-value cloud applications via ADFS.<\/span><i><\/i><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-86abc7e padded e-flex e-con-boxed e-con e-parent\" data-id=\"86abc7e\" data-element_type=\"container\" id=\"protectimusdspa\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-f0f2e30 e-con-full e-flex e-con e-child\" data-id=\"f0f2e30\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-684bcff elementor-widget elementor-widget-heading\" data-id=\"684bcff\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Protectimus DSPA: The Unique Approach to AD MFA<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4b52e3d elementor-widget elementor-widget-text-editor\" data-id=\"4b52e3d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus DSPA (Dynamic Strong Password Authentication) is the only agentless MFA for Active Directory that secures AD at the directory level, automatically extending protection to all connected services simultaneously.<\/span><\/p><p><span style=\"font-weight: 400;\">Most MFA vendors offer Active Directory integration as a feature \u2014 but what they actually mean is integration with ADFS, or an agent-based solution for Windows login, or a RADIUS proxy for VPN. Each of these protects one specific entry point. 
To cover the full AD environment, organizations end up deploying and managing multiple separate MFA solutions.<\/span><\/p><p><span style=\"font-weight: 400;\">DSPA takes a fundamentally different approach:<\/span><\/p><h3><b>How DSPA works technically:<\/b><\/h3><ol><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The <a href=\"https:\/\/www.protectimus.com\/ru\/platform\/\" target=\"_blank\" rel=\"noopener\">Protectimus On-Premise Platform<\/a> with the DSPA component is installed on-premise<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/guides\/dspa\/\" target=\"_blank\" rel=\"noopener\">DSPA connects to Active Directory via LDAP\/LDAPS<\/a> and requires permissions to update user passwords<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">DSPA regularly updates user passwords in AD with the current TOTP value<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">When a user authenticates to any AD-connected service, they enter the current OTP generated by the authenticator app or delivered via a chatbot<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Since access to the authenticator app or messenger is protected with a PIN code, password, or biometrics, OTP generation is secured by an additional authentication factor<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AD validates the temporary credential \u2014 no separate MFA prompt and no additional software on the client machine are required<\/span><\/li><\/ol><h3><b>Key advantages of the DSPA approach:<\/b><\/h3><table><thead><tr><th><p><b>Feature<\/b><\/p><\/th><th><p><b>Traditional MFA<\/b><\/p><\/th><th><p><b>Protectimus DSPA<\/b><\/p><\/th><\/tr><\/thead><tbody><tr><td><p><span style=\"font-weight: 
400;\">Integration scope<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Per-service<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Entire AD environment<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Client-side software<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Required<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Not required<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Services covered<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Selected integrations<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">All AD-connected services<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Administrative overhead<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">High (multiple integrations)<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Low (single integration)<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">LDAP\/database support<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Limited<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Yes (AD\/LDAP\/DBMS)<\/span><\/p><\/td><\/tr><\/tbody><\/table><p><b>Security implications: <\/b><span style=\"font-weight: 400;\">Because DSPA operates at the directory level, it also protects against a class of attacks that endpoint-based solutions cannot: direct AD access via command line, LDAP queries, or programmatic access. 
Even if an attacker knows a previously valid credential and attempts to authenticate directly against AD without going through a UI, the temporary credential will be invalid \u2014 access denied.<\/span><\/p><p><span style=\"font-weight: 400;\">Protectimus DSPA works with the Protectimus On-Premise MFA Platform, which can be deployed either on local servers or in the customer&#8217;s private cloud, providing complete data sovereignty and no external dependencies.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-280411b padded e-flex e-con-boxed e-con e-parent\" data-id=\"280411b\" data-element_type=\"container\" id=\"supportedmfa\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-2bd5d59 e-con-full e-flex e-con e-child\" data-id=\"2bd5d59\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-347cae5 elementor-widget elementor-widget-heading\" data-id=\"347cae5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Supported MFA Methods for Active Directory<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3977085 elementor-widget elementor-widget-text-editor\" data-id=\"3977085\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus Windows Active Directory MFA supports two advanced second-factor methods, giving organizations the flexibility to choose the right authentication experience for different user groups.<\/span><\/p><p><b>Available authentication methods:<\/b><\/p><h3><b>1. 
TOTP Mobile App (Protectimus Smart OTP)<\/b><\/h3><p><span style=\"font-weight: 400;\">The <a href=\"https:\/\/www.protectimus.com\/ru\/token\/smart\/\" target=\"_blank\" rel=\"noopener\">Protectimus Smart OTP app<\/a> is available for Android and iOS. It generates time-based one-time passwords and supports configurable time steps (30, 60, 90 seconds, or any multiple of 30 up to 3000 seconds). This flexibility is essential for DSPA, where the OTP time step must match the password rotation interval configured in AD.<\/span><\/p><p><b>Features:<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cloud backup for token recovery<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">PIN and biometric protection<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Easy token transfer to a new device<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Compatible with any OATH TOTP standard<\/span><\/li><\/ul><h3><b>2. Protectimus BOT<\/b><\/h3><p><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/token\/bot\/\" target=\"_blank\" rel=\"noopener\">OTP delivery via Telegram, Viber, or Facebook Messenger bots<\/a> \u2014 a modern alternative to SMS that works over internet connections without carrier dependency. Users can additionally protect access to the messenger app with a password, PIN, or biometrics, adding an extra layer of security to the authentication process.<\/span><\/p><h3><b>Choosing the right method for DSPA:<\/b><\/h3><p><span style=\"font-weight: 400;\">For DSPA deployments specifically, users can authenticate either with the Protectimus SMART authenticator app or with Protectimus BOT MFA chatbots. 
Both methods support configurable TOTP time intervals that can be synchronized with the DSPA password rotation interval and can be additionally protected with a PIN or biometrics for enhanced security.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a29b829 padded e-flex e-con-boxed e-con e-parent\" data-id=\"a29b829\" data-element_type=\"container\" id=\"protectedautomat\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-1dc9ec2 e-con-full e-flex e-con e-child\" data-id=\"1dc9ec2\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-131348d elementor-widget elementor-widget-heading\" data-id=\"131348d\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What Services Get Protected Automatically<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5266633 elementor-widget elementor-widget-text-editor\" data-id=\"5266633\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">When Protectimus DSPA is integrated with Active Directory, OTP-based authentication is automatically applied to services that authenticate directly against AD \u2014 without requiring separate endpoint agents or per-service integrations.<\/span><\/p><p><span style=\"font-weight: 400;\">This is the core value proposition of DSPA: a single Active Directory integration can protect multiple connected services at once.<\/span><\/p><p><span style=\"font-weight: 400;\">Here is what gets protected automatically:<br \/><\/span><\/p><p><b>Windows Authentication<\/b><\/p><ul><li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/winlogon\/\" target=\"_blank\" rel=\"noopener\">Winlogon \u2014 Windows desktop login<\/a> (domain-joined workstations)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">RDP (Remote Desktop Protocol) \u2014 remote access to Windows servers and workstations<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Windows Server authentication \u2014 server-level access<\/span><\/span><\/li><\/ul><p><b><br \/>Microsoft Email and Collaboration<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/owa\/\" target=\"_blank\" rel=\"noopener\">OWA (Outlook Web Access)<\/a> \u2014 webmail access via Active Directory authentication<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Exchange ActiveSync \u2014 mobile email synchronization<\/span><\/span><\/li><\/ul><p><b><br \/>Directory Services<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">LDAP authentication \u2014 any application using LDAP queries against AD<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Command-line AD access \u2014 programmatic access via Windows command line or scripts<\/span><\/span><\/li><\/ul><p><b><br \/>Federation Services<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">ADFS 3.0 and 4.0 \u2014 services federated through AD FS inherit DSPA-protected authentication because AD FS relies on Active Directory<\/span><\/span><\/li><\/ul><p><b><br \/>Additional services protected via other Protectimus components 
include<\/b><\/p><p><span style=\"font-weight: 400;\">RADIUS-connected services (via <a href=\"https:\/\/www.protectimus.com\/ru\/guides\/radius-2fa\/\" target=\"_blank\" rel=\"noopener\">separate Protectimus RADIUS component<\/a>):<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">VPN solutions (Cisco, Citrix, FortiGate, SonicWALL, OpenVPN, etc.)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Wi-Fi authentication (802.1X)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Firewalls and network appliances<\/span><\/li><\/ul><h3><b>Comparison of coverage:<\/b><\/h3><table><thead><tr><th><b>Service<\/b><\/th><th><b>Traditional endpoint MFA<\/b><\/th><th><b>Protectimus DSPA<\/b><\/th><\/tr><\/thead><tbody><tr><th><span style=\"font-weight: 400;\">Winlogon<\/span><\/th><th><span style=\"font-weight: 400;\">Requires agent<\/span><\/th><th><span style=\"font-weight: 400;\">\u2713 Automatic<\/span><\/th><\/tr><tr><th><span style=\"font-weight: 400;\">RDP<\/span><\/th><th><span style=\"font-weight: 400;\">Requires agent<\/span><\/th><th><span style=\"font-weight: 400;\">\u2713 Automatic<\/span><\/th><\/tr><tr><th><span style=\"font-weight: 400;\">OWA<\/span><\/th><th><span style=\"font-weight: 400;\">Requires plugin<\/span><\/th><th><span style=\"font-weight: 400;\">\u2713 Automatic<\/span><\/th><\/tr><tr><th><span style=\"font-weight: 400;\">LDAP access<\/span><\/th><th><span style=\"font-weight: 400;\">\u2717 Not covered<\/span><\/th><th><span style=\"font-weight: 400;\">\u2713 Automatic<\/span><\/th><\/tr><tr><th><span style=\"font-weight: 400;\">CLI AD access<\/span><\/th><th><span style=\"font-weight: 400;\">\u2717 Not covered<\/span><\/th><th><span style=\"font-weight: 400;\">\u2713 Automatic<\/span><\/th><\/tr><tr><th><span style=\"font-weight: 400;\">ADFS<\/span><\/th><th><span style=\"font-weight: 400;\">Requires 
plugin<\/span><\/th><th><span style=\"font-weight: 400;\">\u2713 Automatic<\/span><\/th><\/tr><tr><td><span style=\"font-weight: 400;\">ADFS-federated apps<\/span><\/td><td><span style=\"font-weight: 400;\">Requires plugin<\/span><\/td><td><span style=\"font-weight: 400;\">\u2713 Inherit authentication from AD FS<\/span><\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\">The practical implication: organizations using traditional MFA often have coverage gaps they are unaware of. A user&#8217;s Windows login might be MFA-protected, but direct LDAP access to the same account might not be. DSPA closes these gaps by operating at the source.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-16797b4 padded e-flex e-con-boxed e-con e-parent\" data-id=\"16797b4\" data-element_type=\"container\" id=\"activemfaforadfs\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-bb86bc5 e-con-full e-flex e-con e-child\" data-id=\"bb86bc5\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-891beb3 elementor-widget elementor-widget-heading\" data-id=\"891beb3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Active Directory MFA for ADFS<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d7f6098 elementor-widget elementor-widget-text-editor\" data-id=\"d7f6098\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus also provides a <a href=\"https:\/\/www.protectimus.com\/ru\/adfs\/\" target=\"_blank\" rel=\"noopener\">dedicated ADFS component<\/a> for 
organizations that use Active Directory Federation Services, enabling MFA for all ADFS-federated applications in under 15 minutes.<\/span><\/p><p><span style=\"font-weight: 400;\">ADFS (Active Directory Federation Services) is Microsoft&#8217;s identity federation solution that enables Single Sign-On (SSO) across cloud services and web applications. When MFA is configured at the ADFS level, it applies to all services federated through ADFS \u2014 without any per-application integration.<\/span><\/p><p><b>Supported ADFS versions:<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/guides\/adfs-3-0\/\" target=\"_blank\" rel=\"noopener\">ADFS 3.0<\/a> (Windows Server 2012 R2)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/guides\/adfs-4-0\/\" target=\"_blank\" rel=\"noopener\">ADFS 4.0<\/a> (Windows Server 2016)<\/span><\/span><\/li><\/ul><p><b><br \/>Services that can be secured via Protectimus + ADFS:<\/b><\/p><p><span style=\"font-weight: 400;\">Cloud services: AWS, Microsoft 365, Salesforce, Dropbox, GitHub, Slack, Zoom, Webex, Jira SSO, Workday, Zendesk, and dozens more.<\/span><\/p><p><b>Integration process:<\/b><\/p><ol><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Register with Protectimus Cloud or install Protectimus On-Premise platform<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Create a resource and add users in Protectimus<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Download the Protectimus ADFS installer<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Run the installer on your ADFS server (requires administrator privileges)<\/span><\/li><li 
style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enter API URL, Login, API Key, and Resource ID during installation<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Configure ADFS to use Protectimus as the additional authentication provider<\/span><\/span><\/li><\/ol><p><b>Important technical note: <\/b><span style=\"font-weight: 400;\">Users in Protectimus must have logins in the format login@domain.com to match the ADFS identity format. This is a common configuration mistake that causes authentication failures.<\/span><\/p><p><b>ADFS + DSPA combination: <\/b><span style=\"font-weight: 400;\">For maximum coverage, organizations can deploy both DSPA (for direct AD authentication) and the Protectimus ADFS component (for federated cloud services). This combination ensures that all entry points to the corporate identity infrastructure require MFA, with no gaps.<\/span><i><\/i><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9c8d6af padded e-flex e-con-boxed e-con e-parent\" data-id=\"9c8d6af\" data-element_type=\"container\" id=\"deployoptions\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-628fed7 e-con-full e-flex e-con e-child\" data-id=\"628fed7\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4221a91 elementor-widget elementor-widget-heading\" data-id=\"4221a91\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Deployment Options: Cloud vs On-Premise<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-367d754 elementor-widget elementor-widget-text-editor\" data-id=\"367d754\" 
data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus MFA for Active Directory is available both as a cloud service and as a fully on-premise platform. Components such as ADFS MFA integration support both deployment models, while Protectimus DSPA is available exclusively with the on-premise platform, which can be deployed on local infrastructure or in a private cloud environment.<\/span><\/p><h3><b>Cloud (SaaS) Deployment<\/b><\/h3><p><span style=\"font-weight: 400;\">The Protectimus cloud service requires no server infrastructure on the client side. The MFA platform is hosted and maintained by Protectimus, and ADFS connects to it via API. This is the fastest path to deployment.<\/span><\/p><p><b>Advantages:<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">No server hardware required<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Automatic updates and maintenance<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Rapid deployment (hours, not days)<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Pay-as-you-go pricing model<\/span><\/span><\/li><\/ul><p><b><br \/>Considerations:<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Authentication data passes through Protectimus cloud infrastructure<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Requires internet connectivity<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Not suitable for air-gapped environments<\/span><\/span><\/li><\/ul><h3><b>On-Premise Deployment<\/b><\/h3><p><span 
style=\"font-weight: 400;\">The Protectimus On-Premise platform is installed within the client&#8217;s own infrastructure \u2014 either on physical servers or in a private cloud. It provides complete data sovereignty and supports isolated network deployments.<\/span><\/p><p><b>Technical specifications for on-premise installation:<\/b><\/p><table><thead><tr><th><p><b>Component<\/b><\/p><\/th><th><p><b>Requirement<\/b><\/p><\/th><\/tr><\/thead><tbody><tr><td><p><span style=\"font-weight: 400;\">Instance type<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">2 Core CPU, 8 GB RAM<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Operating system<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Linux (primary), FreeBSD, Windows<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Storage<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">100 GB per instance per month<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Network traffic<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">1,000 GB per month<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">High availability<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Minimum 3-node cluster with HAProxy<\/span><\/p><\/td><\/tr><\/tbody><\/table><p>For step-by-step installation instructions, see the <a href=\"https:\/\/www.protectimus.com\/ru\/guides\/on-premise-platform\/\" target=\"_blank\" rel=\"noopener\">Protectimus On-Premise Platform installation guide<\/a>.<\/p><p><b>On-premise features:<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Full control over all authentication data<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Multidomain environment support<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Clustering and high availability<\/span><\/li><li 
style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data replication and backup<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Private cloud deployment option<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Air-gapped network support<\/span><\/span><\/li><\/ul><h3><b>Private Cloud Deployment<\/b><\/h3><p><span style=\"font-weight: 400;\">A hybrid option where the Protectimus platform is deployed in the client&#8217;s private cloud infrastructure (AWS, Azure, Google Cloud private instances). This provides cloud scalability with on-premise data control.<\/span><\/p><p><span style=\"font-weight: 400;\">For most regulated industries \u2014 financial services, healthcare, government \u2014 the on-premise or private cloud deployment is preferred due to data residency requirements.<\/span><\/p><p><b>Not sure which deployment model fits your environment? <\/b><span style=\"font-weight: 400;\">Protectimus solutions architects can review your AD topology, compliance requirements, and existing infrastructure to recommend the right path. 
Request a free architecture consultation.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dd147b2 padded e-flex e-con-boxed e-con e-parent\" data-id=\"dd147b2\" data-element_type=\"container\" id=\"multidomain\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-c9b7b25 e-con-full e-flex e-con e-child\" data-id=\"c9b7b25\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fad9de1 elementor-widget elementor-widget-heading\" data-id=\"fad9de1\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Multidomain and Enterprise Environments<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-78865c0 elementor-widget elementor-widget-text-editor\" data-id=\"78865c0\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus Microsoft AD MFA fully supports multidomain environments, making it suitable for large enterprises with complex AD forest structures and distributed domain controller MFA deployments.<\/span><\/p><p><span style=\"font-weight: 400;\">Enterprise Active Directory environments frequently involve multiple domains within a single forest, trust relationships between forests, and geographically distributed domain controllers. 
Traditional MFA solutions struggle in these environments because they require separate configuration for each domain or rely on endpoint agents that must be deployed across thousands of machines.<\/span><\/p><h3><b>Protectimus multidomain support:<\/b><\/h3><p><span style=\"font-weight: 400;\">The Protectimus On-Premise platform is specifically designed for multidomain environments. Key capabilities include:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Cross-domain authentication: <\/b><span style=\"font-weight: 400;\">Users from different domains within the same organization can all be authenticated through a single Protectimus deployment<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Forest trust support: <\/b><span style=\"font-weight: 400;\">Authentication flows across trusted AD forests are handled correctly<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Centralized management: <\/b><span style=\"font-weight: 400;\">All users, tokens, and policies managed from a single Protectimus admin console, regardless of domain<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Group-based policy: <\/b><span style=\"font-weight: 400;\">MFA can be applied to specific AD groups rather than all users \u2014 useful for phased rollouts or applying stricter security to privileged accounts<br \/><br \/><\/span><\/li><\/ul><h3><b>Selective MFA deployment:<\/b><\/h3><p><span style=\"font-weight: 400;\">A common enterprise requirement is applying MFA to specific user groups \u2014 IT administrators, privileged users, remote workers \u2014 while leaving other groups on Active Directory authentication during a transition period. 
Protectimus DSPA supports this via AD group-based targeting.<\/span><\/p><h3><b>High availability and clustering:<\/b><\/h3><p><span style=\"font-weight: 400;\">For enterprise deployments, Protectimus On-Premise supports a clustered architecture:<\/span><\/p><table><thead><tr><th><p><b>Configuration<\/b><\/p><\/th><th><p><b>Description<\/b><\/p><\/th><\/tr><\/thead><tbody><tr><td><p><span style=\"font-weight: 400;\">Standard cluster<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Minimum 3 nodes for high availability<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Master-slave replication<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Real-time data replication across nodes<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">HAProxy load balancing<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Traffic distribution and health monitoring<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Automatic failover<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Seamless switching if a node fails<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Backup and restore<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Scheduled backups of all authentication data<\/span><\/p><\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\">This architecture ensures that MFA never becomes a single point of failure in the authentication infrastructure.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a2442ac padded e-flex e-con-boxed e-con e-parent\" data-id=\"a2442ac\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-d2891c1 e-con-full e-flex e-con e-child\" data-id=\"d2891c1\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element 
elementor-element-f2847f8 elementor-widget elementor-widget-heading\" data-id=\"f2847f8\" data-element_type=\"widget\" id=\"howtosetup\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How to Set Up MFA for Active Directory with Protectimus<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-32a2622 elementor-widget elementor-widget-text-editor\" data-id=\"32a2622\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Setting up Protectimus MFA for Active Directory involves four main steps: platform installation, DSPA setup, user synchronization, and testing.<\/span><\/p><p><b>Prerequisites:<\/b><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Microsoft Active Directory or another LDAP-compatible directory<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Administrative access to the directory<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A server or private cloud environment meeting the requirements for deploying the Protectimus On-Premise Platform<br \/><br \/><\/span><\/li><\/ul><p><b>Step-by-step setup:<br \/><\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6b62c969 e-con-full e-flex e-con e-child\" data-id=\"6b62c969\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-1053c6f5 e-con-full e-flex e-con e-child\" data-id=\"1053c6f5\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-37130881 e-con-full e-flex e-con e-child\" data-id=\"37130881\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element 
elementor-element-5dd6949d elementor-widget elementor-widget-image\" data-id=\"5dd6949d\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/07\/1.svg\" class=\"attachment-full size-full wp-image-12906\" alt=\"Step 1 icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7c30db46 elementor-widget elementor-widget-heading\" data-id=\"7c30db46\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 1: Register with Protectimus<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-773962ca elementor-widget elementor-widget-text-editor\" data-id=\"773962ca\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Register with the Protectimus 2FA cloud service. 
To do so, <a target=\"_blank\" href=\"https:\/\/service.protectimus.com\/register\" rel=\"noopener\">follow this link<\/a>, fill out the registration form, and confirm your email address.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1bc0324f e-con-full e-flex e-con e-child\" data-id=\"1bc0324f\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-631ac250 e-con-full e-flex e-con e-child\" data-id=\"631ac250\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-190f7b00 elementor-widget elementor-widget-image\" data-id=\"190f7b00\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/07\/2.svg\" class=\"attachment-full size-full wp-image-12907\" alt=\"Step 2 icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1cc1021d elementor-widget elementor-widget-heading\" data-id=\"1cc1021d\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 2: Activate a payment plan<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-63be4293 elementor-widget elementor-widget-text-editor\" data-id=\"63be4293\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>To use the Protectimus SaaS platform and enable the API, you&#8217;ll need to activate a payment plan. 
To do so, navigate to the\u00a0\u201c<a target=\"_blank\" href=\"https:\/\/service.protectimus.com\/panel\/tariffs\" rel=\"noopener\">Payment plans<\/a>\u201d\u00a0section.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-592be36b e-con-full e-flex e-con e-child\" data-id=\"592be36b\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-5e6425dc e-con-full e-flex e-con e-child\" data-id=\"5e6425dc\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-16f8724f elementor-widget elementor-widget-image\" data-id=\"16f8724f\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/07\/3.svg\" class=\"attachment-full size-full wp-image-12908\" alt=\"Step 3 icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2a18270b elementor-widget elementor-widget-heading\" data-id=\"2a18270b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 3: Create a resource<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-11977e49 elementor-widget elementor-widget-text-editor\" data-id=\"11977e49\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tResources are used to logically group users and OTP tokens. 
To\u00a0create a resource, click \u201cResources\u201d in the left-hand menu of your account, and then click \u201cAdd resource\u201d at the top of the table.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-4436cffb e-con-full e-flex e-con e-child\" data-id=\"4436cffb\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-28583375 e-con-full e-flex e-con e-child\" data-id=\"28583375\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2661672 elementor-widget elementor-widget-image\" data-id=\"2661672\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/07\/4.svg\" class=\"attachment-full size-full wp-image-12909\" alt=\"Step 4 icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3067223 elementor-widget elementor-widget-heading\" data-id=\"3067223\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Step 4: Add users and OTP tokens<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6fc372e7 elementor-widget elementor-widget-text-editor\" data-id=\"6fc372e7\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tCreate users and OTP tokens, and assign them to the resource you created earlier. 
Remember that service users will need logins of the form\u00a0login@domain.com\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f65fa1 elementor-widget elementor-widget-text-editor\" data-id=\"9f65fa1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><b>Typical deployment timeline:<\/b><\/h3><table><thead><tr><th><p><b>Phase<\/b><\/p><\/th><th><p><b>Duration<\/b><\/p><\/th><\/tr><\/thead><tbody><tr><td><p><span style=\"font-weight: 400;\">Platform setup<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">1\u20132 hours<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">DSPA configuration<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">1\u20132 hours<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Pilot testing<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Several hours<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Organization-wide rollout<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">Immediate after validation<\/span><\/p><\/td><\/tr><tr><td><p><span style=\"font-weight: 400;\">Total deployment time<\/span><\/p><\/td><td><p><span style=\"font-weight: 400;\">1\u20132 days<\/span><\/p><\/td><\/tr><\/tbody><\/table><p><span style=\"font-weight: 400;\">For ADFS integration specifically, the Protectimus ADFS component can be installed and configured in under 15 minutes using the provided installer and step-by-step guide.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a9cb282 padded e-flex e-con-boxed e-con e-parent\" data-id=\"a9cb282\" data-element_type=\"container\" id=\"faq\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element 
elementor-element-7659ffd elementor-widget elementor-widget-heading\" data-id=\"7659ffd\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">FAQ<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-dc81e4c e-con-full padded e-flex e-con e-child\" data-id=\"dc81e4c\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-fb2596d e-con-full faq-container e-flex e-con e-child\" data-id=\"fb2596d\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-412fa06 plus-right elementor-widget elementor-widget-n-accordion\" data-id=\"412fa06\" data-element_type=\"widget\" data-settings=\"{&quot;default_state&quot;:&quot;all_collapsed&quot;,&quot;max_items_expended&quot;:&quot;one&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6830\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6830\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Does Protectimus MFA for Active Directory require installing software on every user's computer? 
<\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6830\" class=\"elementor-element elementor-element-ea1991a e-con-full e-flex e-con e-child\" data-id=\"ea1991a\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8bad61c elementor-widget elementor-widget-text-editor\" data-id=\"8bad61c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">No \u2014 this is one of the key advantages of the Protectimus DSPA approach. Because DSPA integrates at the Active Directory level rather than the endpoint level, no client-side software needs to be installed or maintained on user workstations. The DSPA component is deployed as part of the Protectimus On-Premise Platform on a domain controller or a dedicated server with Active Directory access. Users simply enter the current OTP generated in the authenticator app or delivered via a chatbot. 
This significantly reduces deployment complexity and ongoing maintenance overhead compared to traditional agent-based MFA solutions.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6831\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6831\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Can MFA be applied to specific Active Directory groups rather than all users? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6831\" class=\"elementor-element elementor-element-b2bdc68 e-con-full e-flex e-con e-child\" data-id=\"b2bdc68\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f30747e elementor-widget elementor-widget-text-editor\" data-id=\"f30747e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Yes. Protectimus DSPA supports group-based MFA policy, allowing administrators to apply two-factor authentication only to specific AD security groups. 
This is particularly useful for phased rollouts \u2014 starting with IT administrators and privileged users before extending to the entire organization \u2014 or for permanently applying stricter security requirements to high-risk accounts. Users who are not in the MFA-enabled group continue to authenticate with their standard password until they are added to the protected group.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6832\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6832\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> What happens if a user loses their token or authenticator app? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6832\" class=\"elementor-element elementor-element-0787040 e-con-full e-flex e-con e-child\" data-id=\"0787040\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9eb7aff elementor-widget elementor-widget-text-editor\" data-id=\"9eb7aff\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus provides several recovery options. Administrators can temporarily disable MFA for a specific user via the admin console, allowing access with the static password while a new token is issued. The Protectimus Smart OTP app supports cloud backup, enabling users to restore their tokens to a new device without administrator intervention. For other token loss, a replacement token can be issued and assigned in the admin console.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6833\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6833\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Is Protectimus MFA for Active Directory compatible with Azure AD (Entra ID) hybrid environments? 
<\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6833\" class=\"elementor-element elementor-element-b3373c0 e-con-full e-flex e-con e-child\" data-id=\"b3373c0\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6ef49d2 elementor-widget elementor-widget-text-editor\" data-id=\"6ef49d2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Yes. Organizations running hybrid environments with both on-premise Active Directory and Microsoft Entra ID can use Protectimus to secure the on-premise AD component. 
Protectimus MFA can also be integrated with AD FS, allowing MFA to be applied to authentication flows that rely on Active Directory federation.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6834\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"5\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6834\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> How does Protectimus MFA for Active Directory compare to FIDO2 keys and passkeys? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6834\" class=\"elementor-element elementor-element-3e2c10e e-con-full e-flex e-con e-child\" data-id=\"3e2c10e\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e1ee304 elementor-widget elementor-widget-text-editor\" data-id=\"e1ee304\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">FIDO2 and passkeys are phishing-resistant authentication methods primarily designed for modern web applications and cloud services. 
They work well for ADFS-federated applications and Microsoft Entra ID scenarios, but have limited native support across legacy on-premise Active Directory entry points \u2014 including Winlogon (especially on older Windows Server versions), RDP, LDAP queries, and command-line AD access. Protectimus DSPA covers all of these uniformly with TOTP-based MFA. Most enterprises in 2026 deploy a layered approach: Protectimus DSPA for broad MFA for Active Directory coverage across all AD-connected services, and FIDO2\/passkeys selectively for high-value cloud applications accessed through ADFS or Entra ID. The two approaches are complementary, not mutually exclusive.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6835\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"6\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6835\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> How does Protectimus MFA protect against pass-the-hash and pass-the-ticket attacks? 
<\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6835\" class=\"elementor-element elementor-element-67bff32 e-con-full e-flex e-con e-child\" data-id=\"67bff32\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ed5da62 elementor-widget elementor-widget-text-editor\" data-id=\"ed5da62\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Pass-the-hash (PtH) and pass-the-ticket (PtT) attacks work by capturing authentication tokens or password hashes from memory and replaying them to authenticate without knowing the actual password. Protectimus DSPA significantly raises the bar for these attacks: because the Active Directory password is continuously replaced with a time-based one-time password (TOTP), a captured hash or ticket is only valid for the duration of the current OTP window. An attacker who captures a hash at second 1 of a 30-second window has at most 29 seconds to use it before the password changes and the hash becomes invalid. 
This dramatically reduces the practical exploitability of these attack techniques compared to environments with static passwords only.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-6836\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"7\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-6836\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> What compliance frameworks does Protectimus AD MFA help satisfy? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"2\" viewBox=\"0 0 24 2\" fill=\"none\"><path d=\"M24 1L5.96046e-08 0.999999\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t\t<span class='e-closed'><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M12 0V24\" stroke=\"#111111\" stroke-width=\"2\"><\/path><path d=\"M24 12L5.96046e-08 12\" stroke=\"#111111\" stroke-width=\"2\"><\/path><\/svg><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-6836\" class=\"elementor-element elementor-element-a41023b e-con-full e-flex e-con e-child\" data-id=\"a41023b\" data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2a36881 elementor-widget elementor-widget-text-editor\" data-id=\"2a36881\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Protectimus MFA for Active Directory directly addresses MFA requirements in multiple compliance frameworks. 
NIST SP 800-63B requires multi-factor authentication for systems handling sensitive data. PCI DSS v4.0 (Requirement 8.4) mandates MFA for all access into the cardholder data environment. HIPAA technical safeguards require access controls for systems containing protected health information. SOC 2 Type II commonly requires MFA as part of the logical access controls tested during audit. ISO 27001 Annex A control A.9.4 addresses access control to systems and applications. Protectimus is an OATH-certified solution, which supports compliance claims in environments requiring certified authentication standards.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7534fb4 elementor-widget elementor-widget-html\" data-id=\"7534fb4\" data-element_type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<script type=\"application\/ld+json\">\r\n{\r\n  \"@context\": \"https:\/\/schema.org\",\r\n  \"@type\": \"HowTo\",\r\n  \"name\": \"How to Set Up MFA for Active Directory with Protectimus\",\r\n  \"description\": \"Step-by-step setup of multi-factor authentication for Active Directory using Protectimus: registration, payment plan activation, resource creation, and user\/token assignment. 
Full end-to-end deployment typically takes 1\u20132 days.\",\r\n  \"totalTime\": \"PT2H\",\r\n  \"estimatedCost\": {\r\n    \"@type\": \"MonetaryAmount\",\r\n    \"currency\": \"USD\",\r\n    \"value\": \"0\"\r\n  },\r\n  \"supply\": [\r\n    {\r\n      \"@type\": \"HowToSupply\",\r\n      \"name\": \"Microsoft Active Directory or another LDAP-compatible directory\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToSupply\",\r\n      \"name\": \"Administrative access to the directory\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToSupply\",\r\n      \"name\": \"Server or private cloud meeting Protectimus On-Premise Platform requirements\"\r\n    }\r\n  ],\r\n  \"tool\": [\r\n    {\r\n      \"@type\": \"HowToTool\",\r\n      \"name\": \"Protectimus On-Premise Platform\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToTool\",\r\n      \"name\": \"Protectimus DSPA component\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToTool\",\r\n      \"name\": \"Protectimus Smart OTP app or Protectimus Bot\"\r\n    }\r\n  ],\r\n  \"step\": [\r\n    {\r\n      \"@type\": \"HowToStep\",\r\n      \"position\": 1,\r\n      \"name\": \"Register with Protectimus\",\r\n      \"text\": \"Register with the Protectimus 2FA cloud service. Follow the registration link, fill out the registration form, and confirm your email address.\",\r\n      \"url\": \"https:\/\/protectimus.com\/mfa-for-active-directory\/#step-1\",\r\n      \"image\": \"https:\/\/protectimus.com\/wp-content\/uploads\/2024\/07\/1.svg\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToStep\",\r\n      \"position\": 2,\r\n      \"name\": \"Activate a payment plan\",\r\n      \"text\": \"To use the Protectimus SaaS platform and enable the API, activate a payment plan. 
Navigate to the Payment plans section of your account.\",\r\n      \"url\": \"https:\/\/protectimus.com\/mfa-for-active-directory\/#step-2\",\r\n      \"image\": \"https:\/\/protectimus.com\/wp-content\/uploads\/2024\/07\/2.svg\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToStep\",\r\n      \"position\": 3,\r\n      \"name\": \"Create a resource\",\r\n      \"text\": \"Resources are used to logically group users and OTP tokens. To create a resource, click Resources in your account menu on the left, then click Add resource at the top of the table.\",\r\n      \"url\": \"https:\/\/protectimus.com\/mfa-for-active-directory\/#step-3\",\r\n      \"image\": \"https:\/\/protectimus.com\/wp-content\/uploads\/2024\/07\/3.svg\"\r\n    },\r\n    {\r\n      \"@type\": \"HowToStep\",\r\n      \"position\": 4,\r\n      \"name\": \"Add users and OTP tokens\",\r\n      \"text\": \"Create users and OTP tokens, and assign them to the resource you created earlier. Service users will need logins in the format login@domain.com.\",\r\n      \"url\": \"https:\/\/protectimus.com\/mfa-for-active-directory\/#step-4\",\r\n      \"image\": \"https:\/\/protectimus.com\/wp-content\/uploads\/2024\/07\/4.svg\"\r\n    }\r\n  ]\r\n}\r\n<\/script>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-fe2c5b0 padded e-flex e-con-boxed e-con e-parent\" data-id=\"fe2c5b0\" data-element_type=\"container\" id=\"conclusion\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-e4ec716 e-con-full e-flex e-con e-child\" data-id=\"e4ec716\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-35746bf e-con-full e-flex e-con e-child\" data-id=\"35746bf\" data-element_type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-489bd70 e-con-full e-flex e-con e-child\" data-id=\"489bd70\" 
data-element_type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-10cf0aa elementor-widget elementor-widget-heading\" data-id=\"10cf0aa\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Conclusion: Securing Active Directory with MFA in 2026<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c0eeb4 elementor-widget elementor-widget-text-editor\" data-id=\"6c0eeb4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Active Directory is the most critical identity infrastructure component in most enterprise environments \u2014 and it is consistently among the top targets for attackers. Password-only protection for AD is no longer a viable security posture in 2026, when credential theft, phishing, and sophisticated attacks like pass-the-hash and Kerberoasting are standard tools in every attacker&#8217;s playbook.<\/span><\/p><p><span style=\"font-weight: 400;\">Protectimus two-factor authentication for AD, powered by the DSPA (Dynamic Strong Password Authentication) technology, solves the core challenges that have historically made AD 2FA difficult to deploy:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Single integration, full coverage<\/b><span style=\"font-weight: 400;\"> \u2014 one DSPA installation protects all AD-connected services automatically<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>No endpoint agents<\/b><span style=\"font-weight: 400;\"> \u2014 no software to deploy, maintain, or update on user machines<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Flexible deployment<\/b><span style=\"font-weight: 400;\"> \u2014 on-premise or private cloud to meet any 
compliance requirement<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Enterprise-ready<\/b><span style=\"font-weight: 400;\"> \u2014 multidomain support, clustering, replication, and group-based policies<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><b>Compliance-aligned<\/b><span style=\"font-weight: 400;\"> \u2014 OATH-certified, addresses PCI DSS, HIPAA, NIST, and ISO 27001 requirements<\/span><\/li><\/ul><p><span style=\"font-weight: 400;\">Whether you are protecting a 50-user SMB or a 50,000-user enterprise with a complex multidomain forest, Protectimus provides a proven, practical path to securing Active Directory with MFA.<\/span><\/p><p><b>Ready to secure your Active Directory environment?<\/b><\/p><p><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.protectimus.com\/ru\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Request a free demo<\/a> or contact Protectimus \u2014 our team will assess your AD environment and recommend the right deployment approach for your organization.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a3f81ec e-con-full contact-us-bg e-flex e-con e-child\" data-id=\"a3f81ec\" data-element_type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fb3d121 elementor-widget elementor-widget-shortcode\" data-id=\"fb3d121\" data-element_type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"container\" data-elementor-id=\"14847\" class=\"elementor elementor-14847 elementor-3585\" data-elementor-post-type=\"elementor_library\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3a82e0d1 e-con-full e-flex e-con e-child\" data-id=\"3a82e0d1\" data-element_type=\"container\" 
data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b4de036 elementor-widget elementor-widget-image\" data-id=\"b4de036\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"370\" height=\"370\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/05\/contact-seal.svg\" class=\"attachment-full size-full wp-image-12951\" alt=\"Send Us A Message icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1bc85d61 elementor-widget elementor-widget-heading\" data-id=\"1bc85d61\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Send us a message<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cf09046 elementor-widget elementor-widget-shortcode\" data-id=\"cf09046\" data-element_type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f11990-o1\" lang=\"ru-RU\" dir=\"ltr\" data-wpcf7-id=\"11990\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/ru\/wp-json\/wp\/v2\/pages\/16711#wpcf7-f11990-o1\" method=\"post\" class=\"wpcf7-form init\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input 
type=\"hidden\" name=\"_wpcf7\" value=\"11990\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.2\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"ru_RU\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f11990-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<\/fieldset>\n<div class=\"protectimus-form\">\n\n<div class=\"row\">\n    <div class=\"col\">\n        <span class=\"wpcf7-form-control-wrap\" data-name=\"uname\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Name\" value=\"\" type=\"text\" name=\"uname\" \/><\/span>\n    <\/div>\n<\/div>\n\n<div class=\"row\">\n    <div class=\"col\">\n        <span class=\"wpcf7-form-control-wrap\" data-name=\"email\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Email\" value=\"\" type=\"email\" name=\"email\" \/><\/span>\n    <\/div>\n<\/div>\n\n<div class=\"row\">\n    <div class=\"col\">\n        <span class=\"wpcf7-form-control-wrap\" data-name=\"subject\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Subject\" value=\"\" type=\"text\" name=\"subject\" \/><\/span>\n    <\/div>\n<\/div>\n\n<div class=\"row\">\n    <div class=\"col\">\n        <span class=\"wpcf7-form-control-wrap\" data-name=\"message\"><textarea cols=\"40\" rows=\"1\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Message\" 
name=\"message\"><\/textarea><\/span>\n    <\/div>\n<\/div>\n\n<div class=\"row\">\n    <div class=\"col mb-2\">\n        <input class=\"wpcf7-form-control wpcf7-submit has-spinner\" type=\"submit\" value=\"Send\" \/>\n    <\/div>\n<\/div>\n\n<\/div><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2b9546a e-grid e-con-full equal-height equal-height-mob e-con e-child\" data-id=\"2b9546a\" data-element_type=\"container\">\n\t\t<a target=\"_blank\" class=\"elementor-element elementor-element-cd07253 e-con-full four-link e-flex e-con e-child\" data-id=\"cd07253\" data-element_type=\"container\" href=\"https:\/\/service.protectimus.com\/en\/register\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3d2527b eq-height elementor-widget elementor-widget-heading\" data-id=\"3d2527b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Start free trial<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0bdcfdb elementor-widget elementor-widget-image\" data-id=\"0bdcfdb\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"28\" height=\"26\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-arrow-big.svg\" class=\"attachment-full size-full wp-image-14551\" alt=\"Arrow icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/a>\n\t\t<a class=\"elementor-element 
elementor-element-cd18ec0 e-con-full four-link e-flex e-con e-child\" data-id=\"cd18ec0\" data-element_type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\" href=\"https:\/\/www.protectimus.com\/ru\/contact-us\/\">\n\t\t\t\t<div class=\"elementor-element elementor-element-089ffcb eq-height elementor-widget elementor-widget-heading\" data-id=\"089ffcb\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Contact sales<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4909302 elementor-widget elementor-widget-image\" data-id=\"4909302\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"28\" height=\"26\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-arrow-big.svg\" class=\"attachment-full size-full wp-image-14551\" alt=\"Arrow icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/a>\n\t\t<a class=\"elementor-element elementor-element-60a0ab3 e-con-full four-link e-flex e-con e-child\" data-id=\"60a0ab3\" data-element_type=\"container\" href=\"https:\/\/www.protectimus.com\/ru\/pricing\/\">\n\t\t\t\t<div class=\"elementor-element elementor-element-caf7329 eq-height elementor-widget elementor-widget-heading\" data-id=\"caf7329\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Pricing details<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4610902 elementor-widget elementor-widget-image\" data-id=\"4610902\" data-element_type=\"widget\" 
data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"28\" height=\"26\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-arrow-big.svg\" class=\"attachment-full size-full wp-image-14551\" alt=\"Arrow icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/a>\n\t\t<a class=\"elementor-element elementor-element-a0fbc4a e-con-full four-link e-flex e-con e-child\" data-id=\"a0fbc4a\" data-element_type=\"container\" href=\"https:\/\/www.protectimus.com\/ru\/guides\/saas-service\/\">\n\t\t\t\t<div class=\"elementor-element elementor-element-78353c4 eq-height elementor-widget elementor-widget-heading\" data-id=\"78353c4\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-heading-title elementor-size-default\">Integration guides<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-099691d elementor-widget elementor-widget-image\" data-id=\"099691d\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"28\" height=\"26\" src=\"https:\/\/www.protectimus.com\/wp-content\/uploads\/2024\/02\/icon-arrow-big.svg\" class=\"attachment-full size-full wp-image-14551\" alt=\"Arrow icon\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>MFA for Active Directory: Complete Guide to Securing Your AD Environment Active Directory is the backbone of identity management in over 90% of Fortune 1000 companies \u2014 and it is also one of the most targeted systems in modern cyberattacks. 
A compromised AD account gives attackers access to everything: file servers, email, VPNs, cloud services, [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-16711","page","type-page","status-publish","hentry"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/pages\/16711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/comments?post=16711"}],"version-history":[{"count":85,"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/pages\/16711\/revisions"}],"predecessor-version":[{"id":17098,"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/pages\/16711\/revisions\/17098"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/ru\/wp-json\/wp\/v2\/media?parent=16711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}