How to use MFA on Windows and RDP?

Waqkas Ahmed

We are looking to implement MFA in our organization. We have MFA enabled on Azure AD, just need to be able to use it for the on-premise domain and laptop logins for users.

Adam Gordon

@Waqkas-Ahmed , I hope all is well. You can take a look at the following document, as it will go over ALL of the options for you that are available/possible to implement/use and then give you links to follow for more detailed explanations and deployment guidance.

Choose the right authentication method for your Azure Active Directory hybrid identity solution:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Good Luck !!!

Cheers,

Adam

Waqkas Ahmed

@Adam-Gordon Thanks for the response.

What I was trying to do is https://social.technet.microsoft.com/wiki/contents/articles/29061.azure-multi-factor-authentication-on-premise.aspx

However Azure Multi-factor Authentication Server was retired as of July 1, 2019.

Would we need to use a third party app for e.g. Duo ?

We want MFA enabled for users when they login to their PC's on the local network.

Currently I have setup the Hybrid Config (Exchange 2010 & Office 365) - So Azure AD and local Active directory are synced - What i'm trying to find out is what is the easiest way to setup MFA?

Would we need to use a third party app for e.g. Duo ?

Adam Gordon

@Waqkas-Ahmed , I hope all is well. A few things to be aware of here...

A Third Party MFA solution would be a possibility, and appropriate in certain circumstances, BUT.. it depends on what the architecture model you have chosen to go with is.... The document I suggested you look at above lists 3 different scenarios for deployment, and discuses, compares and contrasts all three for you in detail. IF... IF you are going with the Federation with ADFS solution, then a 3rd party MFA provider is an option, and there are links in the document , under the COMPARING METHODS section, about 3/4 of the way down the page in the MFA section to address how to go about that.
If you are using one of the other approaches, then cloud-based Azure AD MFA is what yo will want to go with, as you are correct, the on-premises Azure AD MFA server is no longer a supported and available option for new deployments.

You can take a look at the following for information on how to proceed:

Configure Azure AD Multi-Factor Authentication settings:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Good Luck !!!

Cheers,

Waqkas Ahmed

@Adam-Gordon Thanks.

For the Azure MFA, we have that enabled and works fine with cloud applications. We just also need it to work for on-prem, windows logon and RDP connection to require 2FA.

I will have a look to see what the options are, but so far it looks like 3rd party app will be required.

Thanks