We have on prem AD with Office 365. We use Azure AD Connect to sync users. We also use Microsoft MFA server. We are starting to test some Azure AD features. We would like to enable Azure self service password reset. I noticed in order for a user to reset their password they need to provide an authentication method. MFA is offered. Can MFA server be used for this or is Azure MFA required?
@brentmattsonIt's correct that you cannot use SSPR with on-premises MFA server. However, if you're currently using ADFS 2012 R2 or above, there is a password change option that can be enabled. This can be coupled with the additional ADFS MFA provider that on-premises MFA can provide. My recommendation would be to explore migration to Azure AD Premium for MFA, though there may be cases you have for using on-premises MFA server that AADP cannot fulfill (LDAP/RADIUS is the most common one).