2 Factor Authentication (2FA) requirement for external (to company) connections
Hi, i see now that i can enforce all the users in my company Teamviewer (TV) account to use 2FA. This is a real step forward to ISO270001/SOC compliance helping to avert my need to move to a different solution. But i still have a significent gap that hopefully one of you will know a way around. We use TV profiles and in particular whitelists to limit what external support partners (3rd parties with their own TV accounts) to connect to our TV endpoints and limit what they can do while on there. This works really well. So here's the problem and question:
How an can i deny connections to these endpoints for these 3rd parties if they are using a TV account that is not using 2FA? Without 2FA the chances of their accounts being comprimised increases significently and i don't want them connecting to our network resources unless 2FA is in use.
BTW i am aware of the 2FA feature configurable on the TV host itself, but considering we support four countries accross two continents from the UK, this isn't a solution for us.
Also aware that each connecting (from) device needs to be whitelisted but isn't sufficient should the device and account be compromised. Eg, loss of smartphone used for TV connections and its not password locked. Or malicious 3rd party access to anothers PC account (hacking).
Answers
-
I am also interested in rejecting external connections based on lack of TFA. Has this been solved? Was there a solution found elsewhere?
0