Forum Discussion
Ueli Zimmermann
Jan 04, 2019, Brass Contributor
Azure MFA and Azure MFA Server side by side
Hello All, Is it possible to use Azure Cloud MFA but for certain on Premise Apps which I'm not allowed or able to Publish through Azure App Proxy, use the Azure MFA Server within the same Tenant ...
Eli Shlomo
MVP
Yes, you can mix and match the on-prem MFA server and Azure MFA enforcement for specific apps, and even bypass or force double-MFA as needed. You will have to take care of the ADFS claims rules configuration though, to avoid some issues.
Ueli Zimmermann
Jan 04, 2019, Brass Contributor
Thank you. We currently use no specific rules on ADFS except forwarding everything for MFA to the Azure Cloud MFA service. I would like to keep it this way if possible and only utilize MFA Server for the stuff which does not pass ADFS directly. Example: we have Citrix NetScaler in front of on-premises Exchange 2016 which are able to use MFA Server for the 2nd factor. Exchange 2016 is hybrid-configured with Exchange Online, and we have users there too who currently use the ADFS / Azure MFA cloud-based 2nd factor. So the way on-premises users still access the environment is completely separated from WAP / ADFS. Is this possible, or do I still need to somehow modify ADFS claims?
- Eli Shlomo, Jan 06, 2019, MVP
You need to create an ADFS rule that avoids the request for the traffic that does not pass ADFS directly, but in this configuration, you may create a lot of maintenance and management issues around this approach.
Try to work with one IDP and point all applications and requests to this IDP, including on-premises.