0 Votes
sc2111 asked SohaibuddinAhmed-8341 commented

MFA on-premise

Hello,
I'd like to know whether it is possible to manage MFA for an on-premise group of users as well.
The need is for having on-premise authentication for a group of privileged users to be forced to use MFA for interactive login or UAC.

azure-ad-multi-factor-authentication

1 Vote
MarileeTurscak-MSFT answered JeremyMello-5459 commented

Microsoft does not support MFA server for new deployments, but if you have an existing MFA server and your users exist on premises you can enforce MFA conditionally via Remote Desktop Gateway. Note, however, that the server still needs to reach out to Azure for the MFA portion, but your users can be entirely on premises. You just need to have the correct number of licenses for your on-premises users.

For new deployments it is recommended to use NPS extension and Azure MFA for on-premises applications.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-nps-rdg


Hi,

For new deployments, I understand that Microsoft does not support MFA server. We have a hybrid environment where on-premises AD accounts are getting synced with Azure AD. I want some of my privileged users to go through MFA when using their account, either to take remote of a server or using any service. How would that be possible?

0 Votes

I would love to do this as well. Would we need Windows Hello for Business or would Azure AD P2 Office 365 E5 allow us to do this?

0 Votes
0 Votes
bhanote answered SohaibuddinAhmed-8341 commented

Hi sc2111,

For on-premise highly privileged accounts, you can use PAM, and along with PAM you can use Azure MFA. Refer to the URL below for more information:

https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services


Thanks, Ravi


Thanks, Ravi. Through PAM, will it be possible to take remote access of an on-prem server from the internal network through MFA?

0 Votes