Hello
I'd like to know whether it is possible to manage MFA for an on-premise group of users as well.
The need is for having on-premise authentication for a group of privileged users to be forced to use MFA for interactive login or UAC.
Microsoft does not support MFA server for new deployments, but if you have an existing MFA server and your users exist on premises you can enforce MFA conditionally via Remote Desktop Gateway. Note, however, that the server still needs to reach out to Azure for the MFA portion, but your users can be entirely on premises. You just need to have the correct number of licenses for your on-premises users.
For new deployments it is recommended to use NPS extension and Azure MFA for on-premises applications.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-nps-rdg
Hi,
For new deployments, I understand that Microsoft does not support MFA server. We have a hybrid environment where on-premises AD accounts are getting synced with Azure AD. I want some of my privileged users to go through MFA while using their accounts, either to take remote of a server or using any service. How would that be possible?
I would love to do this as well. Would we need Windows Hello for Business or would Azure AD P2 Office 365 E5 allow us to do this?
Hi sc2111,
For on-premises highly privileged accounts, you can use PAM, and along with PAM you can use Azure MFA. Refer to the URL below for more information:
Thanks, Ravi
Thanks Ravi. Through PAM, will it be possible to take remote access of an on-prem server from the internal network through MFA?