DualShield MFA for Outlook Anywhere can be deployed in 2 ways, Zero-footprint and Add-on, depending on the requirements of security, usability and the authentication methods.
In the zero-footprint deployment, Outlook users do not need to install any additional software on their PCs or workstations. When users attempt to access the on-premises Exchange server using the Outlook client on a PC, two-factor authentication will take place. The first factor is the user's AD password, and the second factor is the user's machine fingerprint. In other words, both the user and the machine will be verfieid. Therefore, not only is it a zero-footprint MFA solution, it is also a very secure MFA solution for Outlook Anywhere.
Using machine fingerprint as the 2nd factor ensures that only machines registered by the user and approved by the user's organisation are allowed to access the on-premises Exchange server. Once a machine is registered and approved, the machine fingerprint verification process is automatic and hidden from the user. It is a two-factor authentication process that does not require user intervention. Therefore, not only is it a secure MFA solution, it is also a very user-friendly MFA solution for Outlook Anywhere.