2FA for on premise exchange 2019

Sebring 41 Reputation points
2021-09-16T05:54:50.627+00:00

My customer is running on prem exchange 2019 and local AD which sync to AAD via AD Connect. Staff working from home access email via Outlook client, OWA and mobile phone. Before they migrate to Exchange online they want to activate 2FA that is simple for their non tech staff to use.

Is there newer options besides hybrid modern authentication or AD Proxy?

Thank you

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. KyleXu-MSFT 26,206 Reputation points
    2021-09-17T08:29:09.943+00:00

    @Sebring

    For Exchange on-premises, you could also use ADFS as 2FA. But, for a better experience and more convenient management, I would suggest you migrate mailbox to Exchange online and manage from Office 365.

    Here is also an article about Duo for Outlook Web App (OWA) on Exchange 2013 and Later which may be useful to you.
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments
  2. Devaraj G 2,091 Reputation points
    2021-09-16T06:19:28.527+00:00

    Similar discussion here with 2016 : https://learn.microsoft.com/en-us/answers/questions/146959/exchange-server-2016-on-premise-and-2famfa.html

    I used DUO for o-prem exchange components 2FA. it works well, else you need to go with hybrid modern auth / ADFS.

    Regards,
    Dev

  3. Amit Singh 4,846 Reputation points
    2021-10-06T10:22:48.28+00:00

    Refer to a similar thread, and there is some discussion on this issue:
    "Supported services for MFA in Exchange on-premise are OWA/ECP. There are various methods to achieve this,

    1. Using ADFS
    2. Cloud-based - Azure
    3. Reverse proxy + cloud-based - for instance, the reverse proxy can be integrated with NPS for RADIUS and using NPS extension on that server for secondary authentication in Azure.

    For more details: Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication

    0 comments
  4. Sebring 41 Reputation points
    2021-10-07T02:19:21.92+00:00

    Thanks for that. Good to know.

    Customer already committed to Exchange 2019 which I understand will be the last version of on premise exch.

  5. Scott Brown 0 Reputation points
    2023-02-13T21:18:19.53+00:00

    DeepNet Security is also a great on-premise MFA provider for outlook.

    https://deepnetsecurity.com/

    0 comments