@chdafni-msft (Customer)​,

With earlier agents (for example, Authentication Agent 7.4.x for Windows, Authentication Agent 8.1.3 for PAM, etc.), each one needs its' own agent record under Access > Authentication Agents > Manage Existing. An sdconf.rec needs to be placed on the agent and communication established by creating a node secret. The MFA agents that use REST do not implement the sdconf.rec and do not use a node secret. You can have the MFA agent installed on any number of machines with only one agent record listed in the Security Console. All you need to do is supply the agent with the correct RSA Authentication API REST URL when configuring that agent's GPOs.

Hi @EricaChalfin (RSA)​  - here in lies the issue in terms of tracking agent installation - since RSA AM does not track agents w/ RSA MFA Agent, whereas the original RSA Authentication Agent did, is there a RSA specific mechanism for tracking/auditing where RSA MFA Agent is installed? Scenario: Identify where RSA MFA Agent is not installed or similar inventory for purposes of validating said systems will enforce MFA policies.

This process was /automatic/ with the RSA Authentication Agent.

@chdafni-msft (Customer)​ ,

Apologies, I am not sure why I didn't get a notification of your post until earlier this morning.

In regards to Authentication Manager, the server can track what machines have an MFA Agent installed. If you look up the agent record in the Security Console and click on the context arrow next to the agent name, you will see an option for Agent Instances. Select this to view a page with information about the machines on which the MFA agent is installed.

Additionally, there is a List All Installed Agents report template that you can run to see this information in a different format

I hope this belated response answers your questions!