Newlife
Mar 18, 2020

Questions on on-prem ADFS migration to Azure MFA

Hi Experts, 

One of our customers currently has the below environment:

  • Currently we have on-prem Windows 2016 ADFS – SSO installed.
  • Conditional access has been enabled for external users.
  • Hybrid is enabled and MFA is also enabled in Azure Active Directory.

 

Current behavior:

 

If someone browses admin.microsoft.com, the request will hit on-prem ADFS and apply conditional access (if it is an external user then it'll prompt for MFA, else it won't). MFA is currently enabled in Azure Active Directory.

 

The behavior we want to achieve is,

 

If someone browses admin.microsoft.com, the request should hit Azure AD MFA irrespective of internal/external users and get rid of on-prem ADFS-SSO.

 

How can we achieve it?

 

Any inputs would be of great help!
