DualShield MFA for Outlook Anywhere can be deployed in 2 ways, Device Based and Agent Based, depending on the requirements of security, usability and the authentication methods.
In the device based deployment, the user's device is used as the 2nd factor. Every device can be identified and verified by its unique device ID or device fingerprint. Using device based MFA, Outlook users do not need to install any additional software on their PCs or workstations. Therefore, device based MFA solution is zero footprint, easy to implement, deploy and maintain.
When users attempt to access the on-premise Exchange server using the Outlook client on a PC, two-factor authentication will take place. The first factor is the user's AD password, and the second factor is the user's machine fingerprint. In other words, both the user and the machine will be verified. Therefore, not only is it a zero-footprint MFA solution, it is also a very secure MFA solution for Outlook Anywhere.
Using machine fingerprint as the 2nd factor ensures that only machines registered by the user and approved by the user's organisation are allowed to access the on-premise Exchange server. Once a machine is registered and approved, the machine fingerprint verification process is automatic and hidden from the user. It is a two-factor authentication process that does not require user intervention. Therefore, not only is it a secure MFA solution, it is also a very user-friendly MFA solution for Outlook Anywhere.
If you need to verify users by credentials or factors other than the machine fingerprint, then you can implement the "Agent Based" solution.
In the Agent Based deployment, Outlook users are required to install an Outlook MFA add-on module on their PCs. When users attempt to access the on-premise Exchange server using the Outlook client on a PC, a two-factor authentication window will be prompted, and users will be able to select the authentication factor and submit their credentials to be verified.
The Outlook MFA add-on enables Outlook to use all of authentication methods supported by the DualShield MFA platform such as one-time password by hard and soft tokens, SMS code, mobile push authentication etc.