Offline MFA Enrolled Machines Report

    This report generates the list of devices enrolled by users for offline MFA using ADSelfService Plus during machine logins. It provides administrators with visibility into offline authentication configurations, enabling proper management of MFA capabilities for environments with intermittent or no network connectivity while maintaining security standards.

    How it works

    Offline MFA enables users to authenticate during machine logins even when the workstation has no network connectivity to the ADSelfService Plus server. This report queries the ADSelfService Plus database to retrieve information about all machines where users have enrolled for offline MFA capabilities. It displays enrollment details including machine names, operating systems, enrolled users, and enrollment status, enabling administrators to monitor which devices have cached authentication credentials for offline operations.

    Limitations: When administrators disenroll a machine from offline MFA, the changes are not applied immediately. The disenrollment becomes effective only when the machine reconnects to the ADSelfService Plus server.

    Prerequisite: You must have administrator or technician-level access to the ADSelfService Plus portal to generate and view reports.

    Generating the Offline MFA Enrolled Machines Report

    Offline MFA Enrolled Machines Report
    1. Log in to the ADSelfService Plus admin portal with administrator or operator privileges.
    2. Navigate to Reports > MFA Reports > Offline MFA Enrolled Machines Report.
    3. Specify the domain in which to search using the Select Domain option.
    4. Specify OUs (if necessary) using the Select OUs option.
    5. Click Generate to generate the report.

    Managing Offline MFA Enrollment

    Disenrollment

    The Disenroll option is displayed upon selecting any entry in the report. It can be used to remove offline MFA enrollment for the specified machines.

    Note: If a user under a policy for which offline MFA is enabled accesses the disenrolled machine again, the enrollment flow is re-initiated.

    Customizing the Offline MFA Enrolled Machines Report

    Sorting

    Click on any of the column headers to view the report's entries in ascending or descending order.

    Searching

    • Click on the search icon [ ] in order to search for specific data in the report.
    • Specific users can be searched for using their sAMAccountName, Operating System, or Machine Name.
    • Searching happens using the criteria ' contains '. For example, if the username column is searched for the word " jack " , then all usernames containing the sequence " jack " will be displayed as a result.

    Automating the Offline MFA Enrolled Machines Report

    • The Schedule Reports option can be used to schedule the generation of reports at specified intervals, and automatically email them to administrators or specific email addresses. Learn to schedule reports here.

    Exporting the Offline MFA Enrolled Machines Report

    • The Export As option at the right corner of the page helps export the report in CSV, PDF, XLS, XLSX, HTML and CSVDE formats.

    Tips

    • The More option at the right corner of the page lists the Printable View, Send Mail, and Export Settings options.
      • The Printable View option can be used to preview and print the report.
      • The Send Mail option can be used to mail the report to the desired email addresses.
      • Additionally, you can configure custom Export Settings, such as a personalized title for the report and a header logo that you may wish to display on each page.