Forum Discussion
Han Valk
Jul 27, 2017 (Copper Contributor)
Hybrid Azure AD MFA with password sync, so on-prem MFA server plus cloud
I want to use Azure AD MFA for users in the following way: Users including password hashes are synced to Azure AD using AAD Connect. There is no ADFS trust between on-prem ADFS and Azure AD. On-pre...
Jul 27, 2017
Not sure what the real question is. But if you're asking if you can do MFA in the cloud without having to use MFA on-premises, the answer is yes. You could, as you suggested, use the MFA server to have on-premises resources authenticate using Azure MFA.
Cheers,
-Michael
- VasilMichev, Jul 27, 2017 (MVP)
Yup, you can mix and match the on-prem and cloud MFA enforcement, and even bypass or force double-MFA as needed. You will have to take care of the AD FS claims rules configuration though, to avoid some issues. Read about the -SupportsMFA switch for example here: https://blogs.technet.microsoft.com/bulentozkir/2016/05/01/office-365-customers-who-have-adfs-installed-can-do-simple-filtered-mfa-using-adfs-claim-rules/