DualShield MFA for Outlook Anywhere can be deployed in 2 ways, Zero-footprint and Add-on, depending on the requirements of security, usability and the authentication methods.
In the zero-footprint deployment, Outlook users do not need to install any additional software on their PCs or workstations. When users attempt to access the on-premises Exchange server using the Outlook client on a PC, two-factor authentication will take place. The first factor is the user's AD password, and the second factor is the user's machine fingerprint. In other words, both the user and the machine will be verified. Therefore, not only is it a zero-footprint MFA solution, it is also a very secure MFA solution for Outlook Anywhere.
Using machine fingerprint as the 2nd factor ensures that only machines registered by the user and approved by the user's organisation are allowed to access the on-premises Exchange server. Once a machine is registered and approved, the machine fingerprint verification process is automatic and hidden from the user. It is a two-factor authentication process that does not require user intervention. Therefore, not only is it a secure MFA solution, it is also a very user-friendly MFA solution for Outlook Anywhere.
If you need to verify users by credentials or factors other than the machine fingerprint, then you can implement the "Add-on" solution. In the Add-on deployment, Outlook users are required to install an Outlook MFA add-on module on their PCs. When users attempt to access the on-premises Exchange server using the Outlook client on a PC, a two-factor authentication window will be prompted, and users will be able to select the authentication factor and submit their credentials to be verified.
The Outlook MFA add-on enables Outlook to use all of authentication methods supported by the DualShield MFA platform such as one-time password by hard and soft tokens, SMS code, mobile push authentication etc.