GITBOOK-126: No subject

defguard-community · gitbook-bot · commit f352763fe979 · 2025-10-27T10:05:37.000Z
diff --git a/about/features-overview.md b/about/features-overview.md
@@ -1,69 +1,107 @@
 # Features overview
 
-### Remote Access with WireGuard® VPN 2FA/MFA:
-
-* [**Multi-Factor Authentication**](../features/wireguard/multi-factor-authentication-mfa-2fa/) using our [desktop client](https://defguard.net/client)
-* **Multiple VPN Locations** (networks/sites) - with defined access (all users or only Admin group)
-* Multiple [Gateways](https://github.com/DefGuard/gateway) for each VPN Location ([**high availability/failover**](../deployment-strategies/high-availability-and-failover.md)) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense
-* Import your current WireGuard server configuration (with a wizard!)
-* _Easy_ device setup by users themselves (self-service)
-* Automatic IP allocation
+Defguard combines secure remote access, modern identity management, and powerful integrations — all in one open-source platform.\
+Below you’ll find an overview of its main capabilities, designed for both administrators and end users.
+
+### 🌐 Remote Access with WireGuard® VPN + 2FA/MFA
+
+Secure, high-performance VPN built on [WireGuard®](https://www.wireguard.com/) protocol, enhanced with real multi-factor authentication.
+
+* [Multi-Factor Authentication](https://docs.defguard.net/features/wireguard/multi-factor-authentication-mfa-2fa) using our [desktop client](https://defguard.net/client)
+* Multiple VPN Locations (networks/sites) - define access for all users or selected admin groups
+* Multiple [Gateways](https://github.com/DefGuard/gateway) per VPN Location with [high availability/failover](https://docs.defguard.net/deployment-strategies/high-availability-and-failover)
+* Import your existing WireGuard configuration easily with a guided wizard
+* Self-service device setup - users can add their devices on their own
+* Automatic IP allocation for connected devices
 * Kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support
-* [Dashboard and statistics overview](../features/wireguard/network-overview.md) of connected users/devices for admins
+* [Dashboard & statistics](https://docs.defguard.net/features/wireguard/network-overview) for admins - track users and connections
+
+### 💻 Desktop, 📱 Mobile & 🧰 CLI Clients
+
+Defguard provides modern, easy-to-use clients for every platform - giving users secure, MFA-protected VPN access wherever they work.
+
+* Desktop Client - available for [Windows, macOS, and Linux](https://github.com/DefGuard/client/releases/tag/v1.5.2)
+  * Enables direct VPN connection using MFA/2FA
+  * One-click enrollment via secure deep links received from the administrator
+* Mobile Apps — available for [Android](https://play.google.com/store/apps/details?id=net.defguard.mobile) and [iOS](https://apps.apple.com/us/app/defguard-vpn-client/id6748068630)
+  * Connect securely to the Defguard VPN using multi-factor authentication
+  * Includes an additional biometric factor (Face ID / Touch ID) for MFA confirmation
+  * Allows fast approval of authentication requests directly from the phone
+* CLI Client — lightweight and script-friendly tool for Linux and macOS
+  * Provides full VPN control via terminal
+  * Ideal for automation, servers, or advanced users preferring CLI workflows
+
+### 🔑 Multi-Factor/2FA Authentication
 
-_Defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld._
+Add another layer of protection to user accounts.
 
-### [_Activity & Audit Logs_](../features/activity-log/)
+* [Time-based One-Time Password (TOTP)](https://en.wikipedia.org/wiki/Time-based_one-time_password) - compatible with Google Authenticator, Authy, etc.
+* WebAuthn / FIDO2 - hardware keys, Face ID, Touch ID, and other authenticators
+* Email tokens as an additional authentication method
+* Biometric verification via the mobile app - use your device’s built-in Face ID or fingerprint sensor to confirm login or VPN access
 
-* User event logging with detailed metadata
-* Advanced filtering and search by user, module, event type and time range
-* Role-based visibility - users can see only their events
-* Grouped logs by modules (Defguard, enrollment, VPN)
-* Real-time [log streaming](../features/activity-log/activity-log-streaming/) to SIEM tools (Enterprise feature)
+### 👤 Identity Management
 
-### OpenID Connect
+Manage your users and their access in one place.
 
-* Defguard is an internal OIDC provider for [Single Sign-On](../features/openid-connect/).
-* Supports [external OpenID](../features/external-openid-providers/) providers for user authentication.
+* [OpenID Connect](https://openid.net/developers/how-connect-works/) based SSO
+* External [OpenID providers for login/account creation (Google/Microsoft/Custom)](https://docs.defguard.net/features/external-openid-providers)
+* LDAP synchronization (tested on [OpenLDAP](https://www.openldap.org/))
+* Simple, modern UI for managing users
+* User self-service - manage data, revoke app access, reset MFA, control WireGuard devices
 
-### [Access Control List](../features/access-control-list/)
+### 🧭 Account Lifecycle Management
 
-* Access rules for VPN locations
+Automated, secure, and user-friendly onboarding.
+
+* Secure remote (over the Internet) [user enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment)
+* [User onboarding after enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment/user-onboarding-after-enrollment)
+* Self-service password reset
+
+### 🧱 [Access Control List](https://docs.defguard.net/features/access-control-list)
+
+Granular, instant control over VPN access.
+
+* Access rules per VPN location
 * Allow or deny access based on users or groups
-* Changes are applied in **real time**
+* Changes are applied in real time
+
+### 🔐 OpenID Connect
+
+Defguard acts as your internal OIDC provider - giving you full control over identity and SSO.
+
+* Defguard is an internal OIDC provider for [Single Sign-On](https://docs.defguard.net/features/openid-connect)
+* Supports [external OpenID](https://docs.defguard.net/features/external-openid-providers) providers for authentication
 
-### Identity Management:
+### 🧾 [Activity & Audit Logs](https://docs.defguard.net/features/activity-log)
 
-* #### [OpenID Connect](https://openid.net/developers/how-connect-works/) based SSO
-* External [OpenID providers for login/account creation (Google/Microsoft/Custom)](../features/external-openid-providers/)
-* LDAP (tested on [OpenLDAP](https://www.openldap.org/)) synchronization
-* Nice UI to manage users
-* Users **self-service** (besides typical data management, users can revoke access to granted apps, MFA, WireGuard, etc.)
+Monitor and understand what’s happening across your system with detailed, searchable logs.
 
-### [Multi-Factor/2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication) Authentication
+* User event logging with complete metadata
+* Advanced filtering by user, module, event type, or time range
+* Role-based visibility - users only see their own events
+* Logs grouped by module (Defguard, enrollment, VPN)
+* Real-time [log streaming](https://docs.defguard.net/features/activity-log/activity-log-streaming) to SIEM tools _(Enterprise feature)_
 
-* [Time-based One-Time Password Algorithm](https://en.wikipedia.org/wiki/Time-based_one-time_password) (TOTP - e.g. Google Authenticator)
-* WebAuthn / FIDO2 - for hardware key authentication support (e.g. YubiKey, Face ID, Touch ID, ...)
-* Email tokens
+### 📬 Notifications
 
-### Account Lifecycle Management:
+Stay in the loop with real-time notifications.
 
-* Secure remote (over the internet) [user enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment)
-* User [onboarding after enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment/user-onboarding-after-enrollment)
-* Self-service for password reset
+* [Email notifications](https://docs.defguard.net/features/notifications/setting-up-smtp-for-email-notifications) via SMTP
+* [Gateway disconnect/reconnect](https://docs.defguard.net/features/notifications/gateway-notifications) alerts
+* [New version](https://docs.defguard.net/features/notifications/new-version-notifications) notifications
 
-### Notifications
+### 🛡️ YubiKey Provisioning
 
-* [Email notifications ](../features/notifications/setting-up-smtp-for-email-notifications.md)via SMTP
-* [Gateway disconnect/reconnect](../features/notifications/gateway-notifications.md) notifications
-* [New version](../features/notifications/new-version-notifications.md) notifications
+* [YubiKey hardware keys](https://www.yubico.com/) provisioning for users with one click
 
-### YubiKey Provisioning
+### 🔗 Integrations
 
-[YubiKey hardware keys](https://www.yubico.com/) provisioning for users with _one click_
+Easily connect Defguard with your existing systems.
 
-### Integrations
+* [Webhooks](https://docs.defguard.net/features/integrations/webhooks) for automation
+* [REST API](https://docs.defguard.net/features/integrations/api-tokens) for integrations and scripting
 
-[Webhooks](../features/integrations/webhooks.md) & [REST API](../features/integrations/api-tokens.md)
+### ⚙️ Built with Rust
 
-Build with [Rust](https://www.rust-lang.org/) for portability, security, and speed
+Built in [Rust](https://www.rust-lang.org/) - delivering portability, security, and speed from the ground up.
