ManageEngine has released MFA for Windows User Account Control (UAC) prompts that require credentials for added security.
ManageEngine is the enterprise IT management division of Zoho Corporation and offers ADSelfService Plus, an identity security solution with MFA, SSO and self-service password management capabilities.
The new Windows UAC prompts are available as part of ADSelfService Plus' Endpoint MFA add-on.
Citing a recent report by Verizon, the company notes that stolen credentials account for up to 40% of data breaches, adding that MFA remains one of the best methods for mitigating credential theft.
Further, logins to machines, as well as VPNs and cloud applications, are usually considered when implementing MFA to protect the enterprise network. However, comprehensive security policies do not stop with just login protection.
UAC prompts, especially when run as administrator prompts, are another significant function that requires protection because these prompts give non-privileged user accounts privileged permissions to carry out tasks they would not be able to do otherwise.
NIST SP 800-171 mandates using MFA to protect local and network access to privileged accounts, which includes UAC prompts.
Moreover, the number of cyber liability insurance providers is increasing, and they are also putting in place MFA for all network access attempts as a prerequisite for insurance eligibility or renewal.
"When implementing MFA for a stringent security framework like Zero Trust, enterprises must leave no stone unturned," says Parthiban Paramasivam, Product Management Director, ADSelfService Plus.
"Protecting UAC prompts with MFA is crucial, as misuse of administrator credentials can provide elevated permissions into the domain network and lead to sensitive data exposure and theft.
"ADSelfService Plus helps secure UAC prompts and thwarts bad actors from gaining privileged domain access, without disrupting the workflow of genuine users."
ADSelfService Plus supports up to 18 different authentication methods for its MFA feature, allowing admins to use various options, including biometrics, TOTP and hardware keys, and tailor the solution to fit individual enterprise requirements.
In addition, ADSelfService Plus' MFA feature includes automated adaptation of authentication policies based on the user's time of access, geolocation, IP address and device, and in-depth reports to track authentication attempts and failures.
As well as offering UAC, ADSelfService Plus helps protect machine logins on Windows, Linux, and macOS, VPNs and other network endpoints using RADIUS, and OWA and other IIS web applications using MFA.
The solution also helps enforce advanced password policies that go a step above the existing domain password policy through rules like banned use of palindromes, patterns and dictionary words.
MFA for UAC is available immediately in the latest edition of ADSelfService Plus as part of the Endpoint MFA add-on available for its Standard and Professional editions.
Pricing for the Endpoint MFA add-on of ADSelfService Plus starts at US $395 annually for 500 users.
Pricing for the Standard edition starts at US $595, with the Professional edition beginning at US $1,195.
ADSelfService Plus also offers a Free edition for up to 50 users, which includes major features of the product, such as SSO, self-service password management, password expiration notifications and advanced password policies.