I just wanted to know if there were other organizations that are facing similar issues with the MFA requirement for CJI assessing devices. https://www.police1.com/cybersecurity/3-ways-to-meet-the-new-cjis-mfa-requirements
We have a department trying to implement this change with certain workstations. We are trying Duo authentication for Windows logon and facing a couple dilemmas given the connection type with some of these (some being internet connect, others not as such). We've looked at Duo tokens and Yubikeys which seem to work alright. It will create a challenge of users keeping up with it (if they don't utilize the Duo app). Will tokens only work on online devices? Is there any way to set up a proxy to bypass the use for this?
Just wanted to see if anyone was in a similar predicament or had suggestions before the Oct 1 deadline.