We are looking to implement MFA in our organization. We have MFA enabled on Azure AD, just need to be able to use it for the on-premise domain and laptop logins for users.
-
How to use MFA on Windows and RDP?
-
@Waqkas-Ahmed , I hope all is well. You can take a look at the following document, as it will go over ALL of the options for you that are available/possible to implement/use and then give you links to follow for more detailed explanations and deployment guidance.
Choose the right authentication method for your Azure Active Directory hybrid identity solution:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
Good Luck !!!
Cheers,
Adam
-
@Adam-Gordon Thanks for the response.
What I was trying to do is https://social.technet.microsoft.com/wiki/contents/articles/29061.azure-multi-factor-authentication-on-premise.aspx
However Azure Multi-factor Authentication Server was retired as of July 1, 2019.
Would we need to use a third party app for e.g. Duo ?
We want MFA enabled for users when they log in to their PCs on the local network.
Currently I have set up the Hybrid Config (Exchange 2010 & Office 365), so Azure AD and local Active Directory are synced. What I'm trying to find out is: what is the easiest way to set up MFA?
Would we need to use a third party app for e.g. Duo ?
-
@Waqkas-Ahmed , I hope all is well. A few things to be aware of here...
- A Third Party MFA solution would be a possibility, and appropriate in certain circumstances, BUT... it depends on what the architecture model you have chosen to go with is... The document I suggested you look at above lists 3 different scenarios for deployment, and discusses, compares and contrasts all three for you in detail. IF... IF you are going with the Federation with ADFS solution, then a 3rd party MFA provider is an option, and there are links in the document, under the COMPARING METHODS section, about 3/4 of the way down the page in the MFA section, to address how to go about that.
- If you are using one of the other approaches, then cloud-based Azure AD MFA is what you will want to go with, as you are correct, the on-premises Azure AD MFA server is no longer a supported and available option for new deployments.
You can take a look at the following for information on how to proceed:
Configure Azure AD Multi-Factor Authentication settings:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
Good Luck !!!
Cheers,
-
@Adam-Gordon Thanks.
For the Azure MFA, we have that enabled and it works fine with cloud applications. We just also need it to work for on-prem, Windows logon and RDP connection to require 2FA.
I will have a look to see what the options are, but so far it looks like 3rd party app will be required.
Thanks
-
Azure MFA works fine for O365 and Azure-based MFA validation. Azure MFA does work for VPNs if you deploy an NPS Server with an Azure NPS Extension deployed.
As for internal MFA, a cheap solution, especially if you have less than 10 administrators, is to use Duo. Duo Free allows for 10 users, and can be installed on on-premise servers. The 1st Tier of Duo is only $3 a user, and allows for grouping, and an Application gateway to be used for more advanced MFA solutions.
As of right now Azure MFA doesn't support on-premise internal MFA validation. I know it sucks and was shocked by this too, hopefully someday!
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa