Forum Discussion
Azure, MFA, and Windows
What version of Windows do they have on their devices? If they have Windows 10, there are many new features to enhance login security for this type of scenario (some of them depend on the capabilities of the hardware), see https://technet.microsoft.com/en-us/itpro/windows/whats-new/security
What version of Windows Server do they have? Upgrading to 2016 will provide many benefits in this area, see https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
You can set up MFA in Azure or On-premises, see https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started/.
With Azure MFA, you can use it with Conditions, i.e., the location, the device, and the application can all be used to determine when the second factor is required. It should not be needed ALL of the time, see https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access-azuread-connected-apps/
Instead of VPN, you could use Azure AD Application Proxy to provide access back into the on-premises applications, see