2FA/MFA at client connection

Most security certifications require remote clients to run a two-factor validation process before allow it to connect. Also would be great that the Windows client could verify that system protection is enabled (manage-bde -status -cn localhost) before allowing connection to the remote network.