Sebring-0064 asked KyleXu-MSFT commented

2FA for on-premise Exchange 2019

My customer is running on-prem Exchange 2019 and local AD, which syncs to AAD via AD Connect. Staff working from home access email via the Outlook client, OWA and mobile phone. Before they migrate to Exchange Online they want to activate 2FA that is simple for their non-tech staff to use.

Are there newer options besides hybrid modern authentication or AD Proxy?

Thank you


I am writing here to check whether there is any update on this thread. Did you deploy 2FA successfully?

Dev073 answered Sebring-0064 commented

Similar discussion here with 2016: https://docs.microsoft.com/en-us/answers/questions/146959/exchange-server-2016-on-premise-and-2famfa.html

I used DUO for on-prem Exchange components 2FA. It works well; otherwise you need to go with hybrid modern auth / ADFS.

Regards,
Dev


Hi Dev,

What must be enabled on the Microsoft side to allow a 3rd party DUO to act as a component of MFA?

Hi Dev,

I saw that at least Modern Authentication must be supported if access is via the Outlook client, which OWA does not.

KyleXu-MSFT answered

@Sebring-0064

For Exchange on-premises, you could also use ADFS as 2FA. But for a better experience and more convenient management, I would suggest you migrate the mailboxes to Exchange Online and manage them from Office 365.

Here is also an article about Duo for Outlook Web App (OWA) on Exchange 2013 and Later which may be useful to you.
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


imamitsingh answered

Refer to a similar thread, and there is some discussion on this issue:
"Supported services for MFA in Exchange on-premise are OWA/ECP. There are various methods to achieve this:

  1. Using ADFS

  2. Cloud-based - Azure

  3. Reverse proxy + cloud-based - for instance, the reverse proxy can be integrated with NPS for RADIUS and using NPS extension on that server for secondary authentication in Azure.

For more details: Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication


Sebring-0064 answered KyleXu-MSFT commented

Thanks for that. Good to know.

The customer has already committed to Exchange 2019, which I understand will be the last version of on-premise Exchange.


If the above suggestion helps, I would suggest you accept it as an answer to help more people.
