Forum Discussion
[Exchange] MFA on-premises
Hi everybody
Is there a way to activate MFA (2fa) in a 100% on-premises environment?
Is there any documentation?
Thanks for help.
- Rolf-42Iron Contributor
Can you please describe your setup a little bit. Do you have Exchange and AD on premises only and want MFA? Or do you have a hybrid AD/Azure AD and an on premises Exchange and want MFA ...
And is it a Microsoft MFS server you want to deploy? If yes please be aware about the product policy of Microsoft as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
I hope that helps
Cheers
Rolf
#MCT #LearnWithRolf #TheCloud42- Marco Antonio da SilvaCopper Contributor
Hi Rolf-42
We have Exchange on-premises with no hybrid mode enabled, but we have AD SYNC with Azure to use other services.
We want to continue with Exchange on-premises without activating hybrid mode, but we want to activate MFA on-premises.Thank you for help.
- Rolf-42Iron Contributor
Hello Marco Antonio da Silva
Thank you for the clarification. As stated in the doc, that I linked before, new on premises deployments of MFA servers are not offered. You do not even get the link to download the server software.
The callout says "As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication."
What is your motivation to have an on premises MFA server installation? The MFA service in Azure, as an additional security measure, is protecting your identities and by that only indirectly the mailboxes of the users but also all other services that you configure to have MFA.
And your identities are already in hybrid mode. From my perspective an MFA server on premises is not the best architecture and I do not recommend it.
Cheers
Rolf
#MCT #LearnWithRolf #TheCloud42