This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Hi
I am trying to find some specific info with regards to Exchange Server 2016 on-premise implementation and 2FA/MFA and not finding much luck.
I have a client who is looking to implement a 2FA solution for their on-premise exchange environment. They currently have PingFederate in the environment and are implementing Symantec 2FA as the MFA provider.
From my understanding I believe that we can implement 2FA without any problems for OWA but I have also been asked to investigate the implementation of 2FA for EWS, ActiveSync and the Outlook Mobile app. This is where I cannot find information.
Is it possible to implement 2FA for these services? Please advise
Hi,
To my knowledge, supported services for MFA in Exchange on-premise are OWA/ECP. There are various methods to achieve this,
http://msexchangeguru.com/2017/01/16/secure-owa-ecp-with-mfa/
https://practical365.com/exchange-server/exchange-web-services-bypass-multi-factor-authentication/
https://social.msdn.microsoft.com/Forums/en-US/d28e3947-0a19-44d9-b39f-db9a4f6c21f3/mfa-on-premises-exchange-2016?forum=windowsazureactiveauthentication
If the above suggestion is helpful, please click on "Accept Answer" and Upvote it.
Hi,
Just to check if there are any updates. If the above suggestion helps, please click on "Accept Answer" and upvote it. Thanks for understanding.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 22%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Hi @Dhillan Kalyan ,
I agree with what AshokM-8240 said.
In addition, if you use a third-party product to set up MFA for ActiveSync and Outlook on mobile, please note that there are requirements for your mobile system. For specific restrictions, please refer to the instructions of each product.
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Dhillan Kalyan ,
Do suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark helpful reply as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
Thanks for your understanding.
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Dhillan Kalyan ,
I am writing here to confirm with you how thing going now? If the above suggestion helps, please click “Accept as answer” to mark helpful reply as an answer.Your action would be helpful to other users who encounter the same issue and read this thread.
Thanks for your understanding.
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 74%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
@Ashok M
My specific goal is to implement 2FA for On-Prem Exchange 2019 multi-tenant. Above you said the goal could be accomplished by various methods. I'm specifically interested in 1. Using ADFS and 2. Cloud based - Azure. I can find articles that talk about these topics but not specifically how to accomplish my goal. Can you give more info on options 1 and 2 please?
Thanks!!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 32%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
You can create an Enterprise Application in Azure AD and implement MFA for On Premise Mailbox.
Refer
https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy
@AkankshaThakur-8359 avatar image AkankshaThakur-8359
Thank you so much for the response and suggestion. Unfortunately the higher ups have decided to go an different direction. Thank you again for your input.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 59%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKC%3C/text%3E%3C/svg%3E)
I also am being tasked with 2FA for OWA onprem Exchange 2016 server. I already have 2FA established throughout the domain and remote users with hardware Yubikey Smart cards. I was hoping I could use these same cards rather than having to now support an additional 2FA solution. Is it possible within exchange 2016 On Prem or 2019 Server to support Hardware Tokens FIDO2 ??? Is there any kind of support for my yubikeys to do 2fa for OWA or am I stuck with having to purchase additional solution?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 4%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFL%3C/text%3E%3C/svg%3E)
I honestly got tired of all the security issues and the problems with CU for exchange crashing exchange.Sorry microsoft but your exchange care and patching has been terrible for a long time.
I personally created a brand new deploy of 2019 with latest CU and all security patch.
I then created a firewall setup to a reputable smart host for spam, virus and maleware and locked nat only to smart host ip for smtp.
Opened owa only for internal function for workstations not having office.
For phones i created ikev2 vpn and once activated on iphone or droid they are free to enjoy securely and dont even need to interact and all encrypted on the cell.
Hi,
I had the same challenge and ended using DUO 2FA for Exchange 2016 OWA on premise, the setup and configuration was straightforward
owa
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 43%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
I also run 2019 on-prem Exchange and 100+ users all over the USA who use Outlook to connect and hate OWA .. will DUO work for Outlook end users out on the road and how will that work for cell phone users?
Jeff
I also run 2019 on-prem Exchange and 100+ users all over the USA who use Outlook to connect and hate OWA .. will DUO work for Outlook end users out on the road and how will that work for cell phone users?
Great question! Ever get a response or try it out?
As far as I know, DUO only works with OWA. It does not work with Outlook or mobile apps.
Thanks
Sorry for the late response,
I only tested it on OWA, I have no Idea if it supports Outlook desktop or mobile client.