We did the setup for Microsoft Direct Access for our customer to access our network outside the office.
Our local domain policy does require a 10 character long password for our accounts and some of our user does put a post it on their laptop with the password. Is there a way to add an MFA to the Direct Access tunnel before it`s being initiate ? I`m looking for a way to secure the workstation/laptop (for the user who leaves their password on their laptop) and I cannot apply Azure MFA at the login screen of Windows 10.
In the best world possible it would be conditional access with Azure MFA at Windows 10 login but it cannot be done at this point in time from what I saw in different forums.
Any tough?