Forum Discussion
[Exchange] MFA on-premises
Hi Rolf-42
We have Exchange on-premises with no hybrid mode enabled, but we have AD SYNC with Azure to use other services.
We want to continue with Exchange on-premises without activating hybrid mode, but we want to activate MFA on-premises.
Thank you for your help.
Hello Marco Antonio da Silva
Thank you for the clarification. As stated in the doc that I linked before, new on-premises deployments of MFA servers are not offered. You do not even get the link to download the server software.
The callout says "As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication."
What is your motivation to have an on-premises MFA server installation? The MFA service in Azure, as an additional security measure, is protecting your identities and, by that, only indirectly the mailboxes of the users, but also all other services that you configure to have MFA.
And your identities are already in hybrid mode. From my perspective, an MFA server on-premises is not the best architecture and I do not recommend it.
Cheers
Rolf
#MCT #LearnWithRolf #TheCloud42
- Marco Antonio da Silva, Aug 04, 2020, Copper Contributor
Hello Rolf-42
Thanks for your answer.
I will indicate to my boss an option to configure Exchange in hybrid mode and so use all resources of Azure MFA.
Cheers,
- FrancoisCollerette, Sep 23, 2020, Copper Contributor
Hi Marco, I might be a bit late, but from what I understand, you do not need to be in Exchange Hybrid but in Azure AD Hybrid, which you mentioned you are for other services.
Depending on your O365 subs, you could enable MFA for your users and use an AppProxy with conditional rules.
I'm actually looking into this route myself.
Best of luck to you.