Forum Discussion

C Edwards's avatar
C Edwards
Brass Contributor
Apr 03, 2018

Configure AD FS 2016 and Azure MFA - How do I get the guid for Azure Multi-Factor Auth Client?

Hi All,

 

I am trying to Configure AD FS 2016 and Azure MFA as shown on the Microsoft site:

 

 

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa#step-1-generate-a-certificate-for-azure-mfa-on-each-ad-fs-server-using-the-new-adfsazuremfatenantcertificate-cmdlet

 

It says "981f26a1-7f43-403b-a875-f8b09b8cd720 is the guid for Azure Multi-Factor Auth Client" but doesn't show how we get this GUID.

 

When I try the command I get an error message I think is related to the GUID. How do I get the guid for Azure Multi-Factor Auth Client? 

 

I hope you can help
Colin

  • The screenshot you posted uses a different GUID, make sure you provide exactly "981f26a1-7f43-403b-a875-f8b09b8cd720" as the value for -AppPrincipalID. As explained in the article, this is the id of the Azure MFA application that exists in your tenant:

     

    Get-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720
    
    ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
    AccountEnabled        : True
    Addresses             : {Microsoft.Online.Administration.RedirectUri}
    AppPrincipalId        : 981f26a1-7f43-403b-a875-f8b09b8cd720
    DisplayName           : Azure Multi-Factor Auth Client
    ObjectId              : 81376720-790b-4752-bce1-a769de2bb39b
    ServicePrincipalNames : {981f26a1-7f43-403b-a875-f8b09b8cd720, AzureMulti-FactorAuthClient}
    TrustedForDelegation  : False

     

  • The screenshot you posted uses a different GUID, make sure you provide exactly "981f26a1-7f43-403b-a875-f8b09b8cd720" as the value for -AppPrincipalID. As explained in the article, this is the id of the Azure MFA application that exists in your tenant:

     

    Get-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720
    
    ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
    AccountEnabled        : True
    Addresses             : {Microsoft.Online.Administration.RedirectUri}
    AppPrincipalId        : 981f26a1-7f43-403b-a875-f8b09b8cd720
    DisplayName           : Azure Multi-Factor Auth Client
    ObjectId              : 81376720-790b-4752-bce1-a769de2bb39b
    ServicePrincipalNames : {981f26a1-7f43-403b-a875-f8b09b8cd720, AzureMulti-FactorAuthClient}
    TrustedForDelegation  : False

     

    • awaazizwaazcorpsite's avatar
      awaazizwaazcorpsite
      Copper Contributor

      VasilMichev 

       

      Hello

      I have Office 365 E3 plan, and i want to use ADFS with Azure MFA. 

       

      When i lunch 

      Get-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720

      I have thiss error :

       

      Get-MsolServicePrincipal : Service principal was not found.

       

      Thanks for your help 

Resources