Consider the following guidelines before you begin implementing multi-factor authentication for the Windows logon:
Identify the authentication methods that you want to configure.
Determine the order of methods in the chain. The methods are displayed to the end user in the order that you have configured.
Determine the policy that must be configured for the identified methods.
Identify the user group for which you want to enforce this authentication chain.
The following diagram illustrates the sequential flow of actions required for securing the Windows workstation with multi-factor authentication: