Forum Discussion
SandroRudin
May 10, 2022 · Copper Contributor
Multifactor Authentication MFA and Virtual Machines VM
We are a small development company using Office365. For a new project we now want to use some Windows VMs in the cloud. Because Azure integrates nicely with Office365 it seems to make sense to create...
- May 17, 2022: Ok, so I think I found the problem.
As described above, I had disabled MFA for my account in order to be able to log in to the VMs using the Azure AD credentials. I was then able to log in as desired, but got redirected to the MFA setup wizard every time I logged in to some MS website. I then skipped the setup, as I expected this would deny login to the VMs again.
I now realized that this MFA setup was for another organization where I was added as an external user. This organization still has company-wide MFA required, and therefore I was bothered with the setup at every login. I have now completed the MFA setup process, and it really only requires it for that company and not for my own company, so login to the VMs is still possible. I have to admit that I find this behavior quite confusing, as nowhere does it show which organization you are setting up MFA for.
Therefore my main problem is solved now. I would prefer to enable MFA and disable it only for RDP, or even better enable it everywhere, but unfortunately this seems to be too complicated. If a simple solution pops up, please let me know.
DavidTex
May 15, 2022 · Copper Contributor
Hi SandroRudin,
There are some questions/answers that could help the community better analyze it.
What is the licensing that you have on the O365 tenant?
What kind of permission granularity will you desire to have within the VMs?
Without all the context here are some of my considerations:
If you have considered Bastion so far, why not consider Azure VPN Gateway with Azure AD authentication and security defaults?
It will allow MFA for login.
It's about the same price for East US, for example.
Regarding authentication on Windows, you could have AADDS, where the VMs will join the domain, and have it sync with the Azure AD tenant where your O365 is.
Hope it helps to shed some light.