Forum Discussion
Moving from DUO MFA
Hi Kelvin et al,
I came across this which is the very helpful to our plan of migrating from Duo to Azure MFA.
We are AD FS (2016) federation with Duo integrated as an additional authentication method. My question is: if it is possible to enable both Duo and Azure MFA on AD FS so we can pilot MFA with a selected group of users while keeping the rest of users unchanged until we are ready to move all?
Thanks in advance,
Yong
HiYong_Zhang ,
My organization is also interested in a phased migration from the Duo ADFS adaptor to Azure MFA, and we too are using ADFS 2016 (Farm Behaviour Level 3, SQL configuration database). I'd be interested in learning any tips you might encounter.
One I found was that an upgrade to ADFS 2019 and increasing the FBL to 4 will give you the capability of assigning the MFA on a per-Relying Party Trust basis (https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server "Authentication/Policy capabilities"). This might be the way to go eventually, but I still wonder if there is a way that we can use group-assigned MFA policy per RPT, perhaps via a claims rule.