question

zahidhaseeb-8802 avatar image
0 Votes"
zahidhaseeb-8802 asked ·

Infrastructure with Azure MFA

Please help me to understand

I am currently studying the "Azure MFA". After reading the below article I am assuming that if any of the license acquired like office365 then the person can use it for internal infrastructure as well with no extra cost. For example MFA can be use for windows login or MFA can be use for vpn dialer or MFA can be use for accessing remote desktop/terminal services with no additional cost.


https://azure.microsoft.com/en-us/pricing/details/active-directory/

azure-ad-multi-factor-authentication
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered ·

@zahidhaseeb-8802 Multi-Factor Authentication for Office 365 users offers a subset of Azure MFA features at no cost for access to Office 365 services, including Exchange Online and SharePoint Online. subset of Azure MFA features means, you will not be able to perform actions such as trigger MFA using Conditional Access policies or configure trusted IPs to skip MFA (as highlighted below) as these features are available with Premium versions of Azure AD.

alt text

However, with the help of NPS extension, you should be able perform MFA for VPN and RDP sessions in your on premises environment.

Note: If you activate Azure AD Premium license for 1 user, these features will be available to all users in the tenant but in order to stay compliant, you should be having premium license for all users who are using the premium features.

Hope this answers your question. Refer to MFA FAQs here for more details.




Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.



untitled.png (5.2 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BijuThankappan-5910 avatar image
1 Vote"
BijuThankappan-5910 answered ·

Yes, correct. Take a look as this and comply with the pre-reqs.


· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks Biju for your words, I am not able to find any information related to additional cost or license involvement in the article which you shared above.


0 Votes 0 ·

zahidhaseeb-8802 You need at least an Azure P1 subscription to avail the MFA feature. For license/consumption costs, please refer this article.


Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.


0 Votes 0 ·
michev avatar image
0 Votes"
michev answered ·

It's not "any" license, you need Azure AD Premium P1 specifically if you want to protect on-premises apps: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@michev Just saw the share article. Need to confirm one thing. Office365 also bundled with MFA. Does that MFA pertain only for office365 email account security.


In case of Infrastructure applications are involved for MFA then Azure Multi-Factor Authentication should be purchased


0 Votes 0 ·