Quest Defender v5.5 enables admins to use something you know (PIN/password) plus something you have (hardware token/mobile device) to ensure remote users accessing one of many different environments are who they say they are.

There was a lot of configuration required to get the system up and running. However, the install was intuitive and the configuration wizard made the process easy to follow. The wizard did all the heavy lifting and made a complex implementation very bearable. Once loaded, that management interface was great. It's a nice menu-driven interface with pull-down menus that make granular policy creation easy. There are default policies for those who want to get up and running quickly.

Defender is a true enterprise-ready solution with full-featured token integration (hard tokens, soft tokens, SMS and Grid). It offers redundancy and load-balancing support and integration with Microsoft AD, LDAP and Radius. Defender supports any OATH-compliant hardware token, as well as tokens from VASCO, ActivIdentity, Authenex, Aladdin, NagraID, and GrIDsure.

All Defender administration is done using native Microsoft management tools, namely the Active Directory Users and Computers snap-in (ADUC) feature of the Microsoft Management Console (MMC). Defender administration can thus be installed and run on any platform supported by Microsoft for the above mentioned. Defender Security Server is typically installed on MS domain controllers or member servers.

The soft token cards were really nice. We also liked the option that allowed users with expired Microsoft Active Directory passwords to reset them based on an authentication.

Documentation was very detailed. Support is free for the first year and multiple support options are available.
This is a very good solution for enterprise multifactor protection. With the additional cost of adding tokens, the per-user price is at the higher end of the solutions we evaluated, but you get your money's worth in return.