Specify Active Directory users that require multi-factor authentication on Windows login (when the agent is not joined to a zone)

Specify the Active Directory users that require multi-factor authentication on Windows login when the agent is not joined to a zone.

The user name can be specified in any of the following formats:
- sAMAccountName
- sAMAccountName@domain.com (specify the domain if the account is not in the current domain)
- UPN
- * (this includes all AD users)

You can enter the list of users separated by commas, for example:
joe, janedoe, user1, user2@domain.com

By default, no Active Directory user requires multi-factor authentication.

Supported on:

AD users that require multi-factor authentication (enter the comma-separated user or group names, e.g. user1@domain.com, group1@domain.com, or use * to include all AD users):

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\DirectAuthorize\Agent
Value Name: ZonelessMfaUsers
Value Type: REG_SZ
Default Value:

centrify_windows_settings.admx
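
To check what this policy actually enforces on an endpoint, the following added example (not vendor code) reads the registry value named on this page, parses the comma-separated list, and reports whether MFA applies to no users, all users, or a named set. The helper name `ConvertFrom-MfaUserList` and the `Kind` labels are hypothetical, chosen for this illustration.

```powershell
# Added example: audit the ZonelessMfaUsers policy value (registry location from this page).
$Path = 'HKLM:\Software\Policies\Centrify\DirectAuthorize\Agent'
$Name = 'ZonelessMfaUsers'

function ConvertFrom-MfaUserList {
    # Hypothetical helper: split the comma-separated REG_SZ string and label each entry.
    param([string]$Value)
    foreach ($raw in ($Value -split ',')) {
        $entry = $raw.Trim()
        if ($entry -eq '') { continue }   # tolerate empty input, "a,,b" and trailing commas
        $kind = switch -Regex ($entry) {
            '^\*$'          { 'AllADUsers'; break }
            '\*'            { 'Undocumented'; break }   # the page documents * only on its own
            '^[^@]+@[^@]+$' { 'NameAtDomain'; break }   # UPN or sAMAccountName@domain
            '@'             { 'Undocumented'; break }   # stray or repeated @
            default         { 'sAMAccountName' }
        }
        [pscustomobject]@{ Entry = $entry; Kind = $kind }
    }
}

# The example list from this page, parsed offline.
ConvertFrom-MfaUserList 'joe, janedoe, user1, user2@domain.com' |
    Format-Table -AutoSize | Out-String

# The live policy value; a missing key or value yields $null, which is the default state.
$value   = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
$entries = @(ConvertFrom-MfaUserList $value)

if ($entries.Count -eq 0) {
    "$Name is not set or empty: no AD user requires MFA at login (the default)."
} elseif ($entries.Kind -contains 'AllADUsers') {
    "$Name contains *: MFA is required for all AD users."
} else {
    "$Name lists $($entries.Count) entries:"
    $entries | Format-Table -AutoSize | Out-String
}

# Entries outside the formats listed on this page deserve a manual look.
$entries | Where-Object Kind -eq 'Undocumented' |
    ForEach-Object { Write-Warning "Entry '$($_.Entry)' is not in a documented format." }
```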
