Very interesting article there; I've got one quick question, though. How do you enable MFA on the https://sts.xxx.xxx/adfs/ls/ldpinitiatedsignon.aspx page? Any attacker can come in through that page.


Hi @JoelJuma ,

You need to know that this endpoint is disabled by default on ADFS 2016. Also, normally ADFS asks users for login and password and only after that requires MFA (if configured), but on ADFS 2016, if I remember well, you can configure MFA as primary, before login/password.

For ADFS 2016 it is strongly recommended to also enable ESL (Extranet Smart Lockout); unfortunately, 2012R2 has only the "Extranet Soft Lockout".
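As an added example (not part of either comment above), the following PowerShell, run on an AD FS 2016 farm with the ADFS module loaded, shows how to check the points raised in the reply: whether the IdP-initiated sign-on page is enabled, how to turn it off, how to enable Extranet Smart Lockout, and how to make Azure MFA the primary authentication method. The threshold and observation window values are assumptions chosen for illustration, and the primary-MFA step assumes the Azure MFA adapter has already been registered on the farm.

```powershell
# Added example: hardening the items discussed above on AD FS 2016.
# Run in an elevated PowerShell session on a federation server.
Import-Module ADFS

# 1. Is the IdP-initiated sign-on page (idpinitiatedsignon.aspx) enabled?
#    On AD FS 2016 this is $false by default; on 2012R2 it is always on.
$props = Get-AdfsProperties
"IdP-initiated sign-on page enabled: $($props.EnableIdpInitiatedSignonPage)"

# Disable it unless an application genuinely needs IdP-initiated flows.
if ($props.EnableIdpInitiatedSignonPage) {
    Set-AdfsProperties -EnableIdpInitiatedSignonPage $false
}

# 2. Extranet Smart Lockout (ESL). Start in log-only mode, review the
#    AD FS audit log for familiar/unfamiliar location decisions, then
#    switch to enforce. Threshold and window below are assumed values.
Set-AdfsProperties -EnableExtranetLockout $true `
                   -ExtranetLockoutThreshold 10 `
                   -ExtranetObservationWindow (New-TimeSpan -Minutes 30) `
                   -ExtranetLockoutMode ADFSSmartLockoutLogOnly

# After validating the log-only phase, enforce it:
# Set-AdfsProperties -ExtranetLockoutMode ADFSSmartLockoutEnforce

# 3. MFA as the primary (first) factor for extranet users, so the
#    password is never the only thing an attacker on this page can guess.
#    Assumes the Azure MFA adapter is registered on this farm.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryExtranetAuthenticationProvider @("AzureMfaAuthentication") `
    -PrimaryIntranetAuthenticationProvider @("WindowsAuthentication", "FormsAuthentication")

# Show the resulting state for review.
Get-AdfsProperties | Select-Object EnableIdpInitiatedSignonPage,
                                   EnableExtranetLockout,
                                   ExtranetLockoutMode,
                                   ExtranetLockoutThreshold,
                                   ExtranetObservationWindow
Get-AdfsGlobalAuthenticationPolicy | Select-Object PrimaryExtranetAuthenticationProvider
```

Keep the ESL change in log-only mode long enough to see what the farm classifies as familiar locations before enforcing; otherwise legitimate users behind a shared NAT can be locked out together with the attacker.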