Specops Secure Access

MFA for Windows logon, RDP and VPN to reduce credential attacks.

"When Active Directory environments need an AD-native MFA layer for local and remote access, including offline scenarios."

Protect Windows logon, RDP and VPN with multi-factor authentication

Password attacks against Active Directory remain a common intrusion vector. Organisations with on‑prem or hybrid AD, legacy line‑of‑business apps and distributed workforces risk account takeover when Windows logon, RDP or VPN rely on passwords alone.

Where Specops Secure Access is used

Protect interactive Windows logons by requiring a second factor at the desktop unlock and logon screens to reduce lateral movement after credential theft.

Harden remote access by enforcing MFA for RDP sessions and RADIUS VPN connections, and provide offline OTP and hardware token options so remote or disconnected users can still authenticate.

Extend AD‑based authentication to selected SaaS applications using OIDC or SAML to centralise access control and reduce the number of separate identity providers.

Fits within these solutions

Multi-Factor Authentication
Secure Remote Access

Delivery & deployment

On-Premises Software

Suitable environments

Specops Secure Access fits organisations running on‑premises Active Directory or hybrid AD that need MFA at the OS level and for RADIUS‑based VPNs. It requires a Windows Server Gatekeeper connected to AD and domain‑joined Windows 10/11 clients with the Specops Client installed.

The solution integrates with existing tooling via the Specops Event API for SIEM/SOC visibility, supports multiple Gatekeepers for redundancy, and pairs with other Specops products like Password Policy and uReset for a broader AD security posture.

Benefits

Reduce credential attacks

Adds a second factor to make credential theft less likely to lead to account takeover.

Maintain access offline

OTP and hardware token support keeps users productive during network interruptions.

Harden remote access

MFA for RDP and VPN reduces risk from exposed remote access endpoints.

Support compliance

Helps satisfy common regulatory and cyber insurance controls by enforcing MFA and logging events.

Centralised access

SSO and AD‑centric authentication reduce the number of external identity providers to manage.

Event visibility

Forwarded events provide context for investigations and security tooling.

Capabilities

Windows logon MFA

Enforce a second factor at Windows interactive logon and unlock to protect AD credentials.

RDP multi-factor

Apply MFA to Remote Desktop Protocol sessions to harden remote access.

RADIUS VPN MFA

Integrate with RADIUS (NPS) to require MFA for VPN and Remote Desktop Gateway connections.

Offline authentication

Support OTP and hardware token authentication for users with intermittent network access.

Mobile biometrics

Allow biometric and push authentication via the Specops:ID mobile app and third‑party authenticators.

SSO via OIDC/SAML

Extend Specops authentication to supported SaaS apps using OpenID Connect and SAML.

SIEM event export

Export authentication events through the Specops Event API for SIEM and analytics visibility.

GPO targeting

Apply granular policies using Group Policy Objects to users, groups, computers or OUs.

Applications

Protect on‑prem Windows

Add MFA to desktop logons in organisations running on‑premises Active Directory.

Secure remote workforce

Enforce MFA for staff connecting via RDP or VPN across distributed offices and home locations.

Offline remote sites

Enable authentication at branch or field locations with intermittent connectivity using OTP or hardware tokens.

SSO for SaaS

Use AD‑centric authentication to provide SSO to supported SaaS apps with OIDC/SAML.

Cyber insurance readiness

Demonstrate MFA and logging controls to satisfy insurance and regulatory expectations.

SIEM correlation

Feed authentication events to SIEM for correlation and investigation by internal teams.

Regulated industry fit

Suitable for finance, healthcare and public sector organisations needing stronger AD controls.

How we help

Armstrong can assist with implementing Gatekeepers, configuring GPO targeting and enrolling users. We often support configuration of MFA methods, offline OTP setup, RADIUS integration for VPN/RDP, and SIEM event forwarding. Armstrong may help validate client deployments, run acceptance testing, and provide documentation and handover to your internal IT team. We do not operate customer environments; ongoing monitoring and incident handling remain the customer's responsibility.
