This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 72%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Greetings All,
I have Exchange On-Premises, and I am planning to introduce ActiveSync to allow mobile users access to their mailboxes (emails, calendar, etc..).
To Secure ActiveSync, it is recommended by Microsoft to enable MFA, where I have Azure E3 Subscription that includes MFA. my question is, does this subscription's MFA support my setup? or I need other solutions?
Thanking you
Jamils
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 63%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
To secure on-premises Exchange emails, such as Exchange ActiveSync or Outlook Anywhere, there is an on-premises MFA product called Deepnet DualShield MFA that would be a better solution than a hybrid on-prem & cloud environment.
You can check out the link below
https://deepnetsecurity.com/solutions/outlook/activesync/
https://deepnetsecurity.com/solutions/outlook/anywhere/
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @Jamil Saif
Please refer to the discussion in below thread about MFA for on-premise Exchange activesync
Exchange Server 2016 On-Premise and 2FA/MFA
Exchange ActiveSync with Azure AD Application Proxy
For more information about Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication
I also see a workaround using Activesync Device Quarantine. All new ActiveSync devices go into a quarantined state until approved by IT. The IT department has to get confirmation from the user that they added the device, and if they had an old device, what was done with it to properly wipe the email off.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you very much for your reply.
But, there is some confusion, at least for me, when I got theses two Microsoft articles about the subject:
any clarifications on that?
Thanking you
Jamils
Thank you very much for your reply.
But, there is some confusion, at least for me, when I got theses two Microsoft articles about the subject:
any clarifications on that?
Thanking you
Jamils
Hi,
Did you deploy a hybrid for your environment? According to my knowledge, you need to deploy Exchange hybrid to use Hybrid Modern Auth (HMA)
And I also found that: Publish on-prem Exchange ActiveSync with MFA requirement which points that ActiveSync does not support Azure MFA.
Here is an article introduces about Properly securing your on-prem Exchange 2016 environment when using Hybrid Modern Authentication, still need to perform the operation in online side.
@Joyce Shen - MSFT
Again thank you for your replies.
let me make it simple, by asking you bout this article below from Official Microsoft sources
What do you say about it?
Hi,
Like I mentioned above, if you have deployed a hybrid for your on-prem server, you could follow the configuration steps in the official document.
Hi,
Any update so far?