Is it possible to have MFA integrated with on-premises AD?
Like when they log in using the domain admin account, they will go through MFA.
Azure MFA doesn't support MFA for local logon on devices. You should rather focus on hardening your environment and implementing secure administrative hosts, for example.
As of July 1, 2019, Microsoft no longer offers MFA Server for new deployments.
New customers that want to require multi-factor authentication (MFA) during sign-in events should use cloud-based Azure AD Multi-Factor Authentication.
For more information, you can refer to the following link:
Thanks for your answers guys. I'm sorry if I can mark only one as Answer.
By the way, to help others who also need this, we are going to test Okta's service to apply MFA for on-prem DCs.
I think today a solution is technically possible using FIDO2 keys and the old domain "SCRIL" feature.
Also, Remote Credential Guard and Protected Users are required components.
Here are all the details:
Please test it yourself and report feedback :) (I only tested in my lab, never in production, so a running test might be appreciated.)
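
As an added example (not part of any post in this thread), the following PowerShell audit reports which privileged accounts already have the SCRIL flag ("Smart card is required for interactive logon") set and are members of Protected Users, the two account-level settings named in the last answer. It assumes the ActiveDirectory RSAT module is installed and that the group to audit is the built-in `Domain Admins`; it reads directory data only and changes nothing.

```powershell
# Added example, not from the thread. Read-only audit of privileged accounts.
# Assumption: the ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

# Assumption: the privileged group to audit is the built-in "Domain Admins".
$privilegedGroup = 'Domain Admins'

# Distinguished names of every member of Protected Users, used for lookup below.
$protectedDns = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Select-Object -ExpandProperty distinguishedName

# Resolve nested membership, keep user objects only, and read the SCRIL flag.
$report = Get-ADGroupMember -Identity $privilegedGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $u = Get-ADUser -Identity $_.distinguishedName `
                        -Properties SmartcardLogonRequired
        [pscustomobject]@{
            SamAccountName   = $u.SamAccountName
            Enabled          = $u.Enabled
            # SmartcardLogonRequired maps to the SCRIL bit in userAccountControl.
            ScrilSet         = [bool]$u.SmartcardLogonRequired
            InProtectedUsers = $protectedDns -contains $u.DistinguishedName
        }
    }

$report | Sort-Object ScrilSet, InProtectedUsers | Format-Table -AutoSize

# Enabled accounts that can still log on interactively with a password,
# or that are missing the Protected Users restrictions.
$gaps = @($report | Where-Object {
    $_.Enabled -and (-not $_.ScrilSet -or -not $_.InProtectedUsers)
})

if ($gaps.Count -gt 0) {
    Write-Warning ("{0} enabled account(s) in '{1}' lack SCRIL or Protected Users membership: {2}" -f `
        $gaps.Count, $privilegedGroup, ($gaps.SamAccountName -join ', '))
} else {
    Write-Output "All enabled members of '$privilegedGroup' have SCRIL set and are in Protected Users."
}
```

Remote Credential Guard is a host and client setting rather than an account attribute, so this audit does not cover it.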