0 Votes
EnterpriseArchitect asked EnterpriseArchitect commented

Configuring ADFS to work with Azure MFA for a few select services only?

Hi Everyone,

I have already configured Azure AD sync to synchronize on-premises AD to Azure.

I need to enforce Azure MFA with the existing on-premises ADFS 4.0 running on my Windows Server 2016.

Can anyone here please share some steps and procedures? What would be the consequence if I enable the setting below?

Will all services configured under the Relying Party Trust be impacted or enforced with 2FA/MFA?

104132-image.png

Like in the above screenshot?

104100-image.png

How can I check if I need additional steps to configure the Azure AD Tenant?

Thank you in advance.




1 Answer

1 Vote
amanpreetsingh-msft answered EnterpriseArchitect commented

Hi @EnterpriseArchitect · Thank you for reaching out.

If you have already performed the steps below, you don't need to perform any further steps.

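 # Generate the certificate that AD FS will use for Azure MFA
 $certBase64 = New-AdfsAzureMfaTenantCertificate -TenantID yourtenant.onmicrosoft.com
 # Sign in to Azure AD (MSOnline module)
 Connect-MsolService
 # Add the certificate as a credential on the Azure MFA client service principal
 New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
 # Point the AD FS farm at the tenant for Azure MFA
 Set-AdfsAzureMfaTenant -TenantId yourtenant.onmicrosoft.com -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720
 # Restart the AD FS service so the change takes effect
 Restart-Service adfssrv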

Selecting the checkbox below will NOT enforce MFA on any of the Relying Parties configured on ADFS until the relying parties are configured to require MFA.
104158-image.png

To require MFA for a specific Relying Party, you need to:
Right-click on the Relying Party > Edit Access Control Policy > Select one of the policies with the "require MFA" condition > Apply.

104191-image.png


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



Hi @amanpreetsingh-msft, since my ADFS server farm is using WID, not SQL Server, can I still use Azure MFA?

0 Votes 0 ·

@EnterpriseArchitect · Yes, you can.

1 Vote 1 ·

@EnterpriseArchitect · Just checking if you have any further question. If the answer helped please Accept the Answer to help others in the community.

1 Vote 1 ·
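
The thread above separates two settings: enabling Azure MFA as an authentication method, and requiring MFA per relying party. The following is an added example, not part of the original answer or comments, for auditing both from PowerShell on an AD FS 2016 server. It assumes the built-in access control policy names (which contain "MFA") and uses `Contoso App` as a hypothetical relying party name.

```powershell
# Added example: run in an elevated PowerShell session on an AD FS 2016 server.
Import-Module ADFS

# 1. Is Azure MFA enabled as an additional authentication method (the checkbox)?
#    Enabling it only makes the method available; it does not enforce MFA.
$globalPolicy = Get-AdfsGlobalAuthenticationPolicy
$azureMfaEnabled = $globalPolicy.AdditionalAuthenticationProvider -contains 'AzureMfaAuthentication'
Write-Output "Azure MFA available as additional auth method: $azureMfaEnabled"

# 2. Which relying parties actually require MFA?
#    Assumption: policies that require MFA have "MFA" in their name, as the
#    built-in ones do. Custom policies may be named differently, and trusts
#    carried over from older versions may use AdditionalAuthenticationRules.
$report = Get-AdfsRelyingPartyTrust | ForEach-Object {
    $byPolicy = [bool]($_.AccessControlPolicyName -match 'MFA')
    $byRules  = -not [string]::IsNullOrWhiteSpace($_.AdditionalAuthenticationRules)
    [pscustomobject]@{
        Name                = $_.Name
        Enabled             = $_.Enabled
        AccessControlPolicy = $_.AccessControlPolicyName
        LegacyMfaRules      = $byRules
        RequiresMfa         = $byPolicy -or $byRules
    }
}
$report | Sort-Object Name | Format-Table -AutoSize

# 3. Flag the gap: relying parties that are enabled but do not require MFA.
$report | Where-Object { $_.Enabled -and -not $_.RequiresMfa } |
    Select-Object -ExpandProperty Name

# 4. PowerShell equivalent of "Edit Access Control Policy" for one relying party.
#    'Contoso App' is a placeholder; uncomment and substitute a real trust name.
# Set-AdfsRelyingPartyTrust -TargetName 'Contoso App' `
#     -AccessControlPolicyName 'Permit everyone and require MFA'
```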