Windows Endpoint Protection - Passwordless MFA (online and offline)

Created by Chris Canfield, Modified on Thu, 30 Oct at 8:38 AM by Chris Canfield

Overview


TraitWare offers Windows Endpoint protection with passwordless MFA to Windows devices. This uses the TraitWare Windows agent installed on Windows devices and the TraitWare mobile authentication app. The TraitWare Windows login supports both online and offline access as well as Entra ID and local accounts.


Users can have passwordless access to multiple machines and multiple accounts on each machine. Additionally, alias user relationships can be created, which allows multiple users to access the same account on one machine while retaining attribution (logging who signed in).


The agent may be deployed to Windows devices via Intune or using other Remote Machine Management (RMM) tools. It may also be installed manually. Once the agent is installed on the user machine, the user enters a Windows credential and a one-time code to register. The user then authenticates to the TraitWare mobile app and scans a QR code on the Windows machine to log in with passwordless MFA.






Prerequisites


TraitWare Passwordless MFA is supported for the following Windows versions.

  • Windows 10/11
  • Windows Server 2016/2019/2022


To use TraitWare Passwordless MFA for Windows, users must have an existing TraitWare user and have a registered TraitWare mobile authenticator app.


For Entra ID users, the machine must be joined to a domain to register and log in using an Entra ID user.


For local accounts, a local account must already exist on the machine to register a local user.




Deploy Windows Endpoint Agent


There are two ways to deploy the TraitWare Endpoint Agent:

  • Upload the MSI file to Intune or a Remote Machine Management (RMM) tool and set distribution policies.
  • Install the Windows agent manually using the installer on individual machines.


See Deploy TraitWare Windows Endpoint Protection Agent Using Intune for steps to deploy via Intune.
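For RMM or manual deployments that run a script rather than an Intune upload, the following PowerShell is an added example and is not TraitWare's installer script or documentation. It assumes a placeholder MSI path, that the package accepts the standard msiexec switches, and that its Programs and Features entry has "TraitWare" in its DisplayName; confirm the real package name and any install properties against the agent documentation before using it.

```powershell
# Added example (not TraitWare's own script): silent MSI install with a verbose
# log, a signature check before installing, and a post-install verification.
# Run in an elevated PowerShell session or as SYSTEM from the RMM tool.
param(
    [string]$MsiPath = 'C:\Deploy\TraitWareAgent.msi',            # ASSUMED placeholder path
    [string]$LogPath = "$env:ProgramData\TraitWareAgentInstall.log" # ASSUMED log location
)

if (-not (Test-Path -LiteralPath $MsiPath)) {
    throw "MSI not found: $MsiPath"
}

# Refuse to install a package whose Authenticode signature is missing or broken.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') {
    throw "Installer signature is not valid ($($sig.Status)); not installing"
}

# Standard msiexec switches: quiet, no forced reboot, verbose log to $LogPath.
$msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/norestart', '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output 'Install succeeded' }
    3010    { Write-Output 'Install succeeded; a reboot is required' }
    default { throw "msiexec exited with $($proc.ExitCode); see $LogPath" }
}

# Post-install check: the product should now appear under the Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*TraitWare*' } |   # ASSUMED DisplayName pattern
    Select-Object DisplayName, DisplayVersion, InstallDate

if (-not $installed) {
    throw 'Agent not found in installed programs although msiexec reported success'
}
$installed
```

Keeping the verbose msiexec log under ProgramData gives the help desk something to attach when a registration screen does not appear after deployment, and the exit-code switch distinguishes a clean install from one that still needs a reboot before the credential provider loads.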




Stage User Deployment


Navigate to the TraitWare Admin Console and log in.


Select Deploy Endpoints under the Microsoft menu item. Click Stage Deployment.


Select individual users or an existing Group of users.



The one-time activation code may be sent individually to a user by selecting the three dots on the right of a row. It can be sent via email or copied and given out securely.



For multiple users, activations can be sent in bulk via Email or SMS.





User Registration


There are two types of user registrations available: Entra ID and Local User.


  • Entra ID users register with their Entra ID email address and password.
  • Local users register using the local account name, the local credential, and their TraitWare email address.


The TraitWare registration screen will be available after the agent is installed on the Windows device.


Entra ID Registration


For Entra ID users, select Entra ID User from the dropdown menu.



Enter the email address, the Entra ID password associated with that user, and the one-time activation code that was sent to the user. Press Enter or click the arrow to register.



Local User Registration


For Local users, select the local account name.



Enter the Local password and registration code.



Add Additional Users


Additional Entra ID and Local users can be added to the Windows Endpoint.


Note: no activation code is required to add additional Entra ID or Local users. After a first user is registered, other users may be added as needed without staging them in the TraitWare console.


To add an additional Entra ID or Local user, select Add new user from the dropdown.



To register an additional Entra ID user, select Entra ID User in the dropdown. Enter the Entra ID email and password. Note: do not select an Entra ID email in the dropdown if one is visible. Select 'Entra ID User'.



To register an additional Local user, select the local account username in the dropdown. Enter the TraitWare email associated with the user and the Windows local password for that user.



The added user can now log in to Windows by scanning the QR code.



Online Login


After a user is registered, the Log in option is available. Click the arrow to begin a TraitWare login.



Authenticate to the TraitWare mobile app and scan the QR code.



In the TraitWare mobile app, one or more accounts associated with that Windows machine may be available. Select the desired user to sign in and click Continue.



The user is signed in to the Windows machine.




Offline Login


TraitWare Windows MFA also works in cases where there is no internet connection. The Windows machine may be offline or both the Windows machine and mobile device may be offline.


Note 1: To use offline mode, a user must first sign in one time in online mode.


Note 2: TraitWare MFA Offline access is only available to Single Users. Multiple Users (Alias users) cannot utilize TraitWare Offline access.



When offline, the TraitWare Windows agent will enter offline mode. Click OK.



Select an available Offline user from the dropdown menu.


Scan the QR code with the TraitWare mobile app and enter the code displayed in the app.



The Offline Login Code is displayed in the app after scanning the QR code.



The user is signed in to the Windows account offline.




Windows Endpoint Management


Once registered, all Windows endpoints are displayed in the Windows Endpoints menu. Quickly search for individual machines by name, manufacturer, or OS.



Select individual endpoints to display System Information for the machine and Users attached to the machine. User account type is listed as Entra ID or Local.



User access can be disabled or the user can be removed entirely from a machine.



To see registered endpoints for an individual user, navigate to the Endpoint Access tab in the User record. Click the Gear Icon to navigate to the endpoint.




Disable Other Credential Providers


Windows can be configured to allow only TraitWare Passwordless MFA login. This is done by turning off all other login options (credential providers) on the device. This strengthens the security of the device and helps to prevent unauthorized login access.


For information on how to configure TraitWare Only Login settings, see: Disable Other Credential Providers.
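Before and after applying the TraitWare Only Login settings, an administrator will usually want to confirm which credential providers the device still exposes. The following PowerShell is an added audit example, not TraitWare's own configuration tool; it only reads the registry and changes nothing. It assumes the standard Windows locations for credential provider registration and for the "Exclude credential providers" policy value, and it does not know the TraitWare provider's CLSID, so look for it by name in the output.

```powershell
# Added example (not TraitWare's own code): list the credential providers
# registered on this machine and show which ones are excluded by policy or
# disabled per provider. Read-only; run in an elevated PowerShell session.

# Where Windows registers credential providers (CLSID subkeys).
$providerRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

# The Group Policy "Exclude credential providers" stores a comma-separated
# list of CLSIDs in this value.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$excluded = @()
$policyValue = (Get-ItemProperty -Path $policyKey -Name 'ExcludedCredentialProviders' `
    -ErrorAction SilentlyContinue).ExcludedCredentialProviders
if ($policyValue) {
    $excluded = $policyValue -split ',' | ForEach-Object { $_.Trim().ToUpperInvariant() }
}

function Get-CredentialProviderInventory {
    Get-ChildItem -Path $providerRoot | ForEach-Object {
        $clsid = $_.PSChildName
        # The key's default value carries the provider's friendly name.
        $name = (Get-ItemProperty -Path $_.PSPath).'(default)'
        # Resolve the COM server DLL behind the CLSID, if it is registered.
        $dll = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
            -ErrorAction SilentlyContinue).'(default)'
        # A per-provider "Disabled" DWORD of 1 also switches a provider off.
        $disabledFlag = (Get-ItemProperty -Path $_.PSPath -Name 'Disabled' `
            -ErrorAction SilentlyContinue).Disabled

        [pscustomobject]@{
            Clsid    = $clsid
            Name     = $name
            Dll      = $dll
            Excluded = ($excluded -contains $clsid.ToUpperInvariant())
            Disabled = ($disabledFlag -eq 1)
        }
    }
}

$inventory = Get-CredentialProviderInventory
$inventory | Sort-Object Name | Format-Table -AutoSize

# Summary: providers that remain active at the logon screen.
$active = $inventory | Where-Object { -not $_.Excluded -and -not $_.Disabled }
Write-Output "Active credential providers: $($active.Count) of $($inventory.Count)"
```

A device locked down to TraitWare should show only the TraitWare provider (plus any providers the lockdown article tells you to leave in place) in the active list; anything else still active, such as the password or PIN providers, is a fallback login path that the lockdown has not closed.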




For any questions, email support@traitware.com.


















