Securing privileged access
If you have installed authentication, privilege elevation, and audit and monitoring services, you can require multi‑factor authentication when users perform operations with an elevated access right, in addition to requiring multi-factor authentication when users log in. For Linux and UNIX computers, for example, you can also create command rights that require multi-factor authentication when executing commands using elevated privileges (dzdo) or in restricted shell (dzsh) environments. For Windows computers, you can create desktop, application, and network access rights that require two-step authentication to use the elevated privileges associated with the desktop, application, or network access.
Before configuring multi-factor authentication for any type of access right, you need to perform some preliminary steps to prepare your environment.