Home

Does Azure MFA server (on-premise) work with Azure conditional access?

%3CLINGO-SUB%20id%3D%22lingo-sub-325038%22%20slang%3D%22en-US%22%3EDoes%20Azure%20MFA%20server%20(on-premise)%20work%20with%20Azure%20conditional%20access%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-325038%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20we%20wanted%20to%20leverage%20Microsoft%20conditional%20access%20and%20require%20MFA%20for%20certain%20conditions%20are%20we%20required%20to%20use%20the%20Cloud%20version%20of%20Azure%20MFA%3F%26nbsp%3B%20We%20currently%20have%20Azure%20MFA%20server%20on%20premise%20though%20haven't%20deployed%20it%20yet.%26nbsp%3B%20We%20put%20it%20on%20prem%20because%20we%20want%20to%20use%20it%20for%20our%20VPN%20as%20well%20as%20we%20use%20ADFS%203.0-%20Thank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-325038%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMulti-Factor%20Authentication%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-325641%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20Azure%20MFA%20server%20(on-premise)%20work%20with%20Azure%20conditional%20access%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-325641%22%20slang%3D%22en-US%22%3EYeah%2C%20I%20ran%20through%20that%20article%20previously%2C%20but%20I%20am%20finding%20no%20information%20on%20azure%20conditional%20access%20and%20on%20premise%20AD.%20I%20am%20also%20not%20finding%20any%20information%20that%20Azure%20MFA%20cloud%20supports%20adfs%203.0%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-325347%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20Azure%20MFA%20server%20(on-premise)%20work%20with%20Azure%20conditional%20access%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-325347%22%20slang%3D%22en-US%22%3EYou%20should%20still%20be%20able%20to%20use%20Azure%20MFA%20in%20the%20cloud%20in%20your%20scenario%20so%20may%20want%20to%20look%20at%20that%20instead%20of%20the%20On-Premises%20option.%20There%20is%20an%20article%20on%20the%20docs%20site%20that%20helps%20decide%20which%20is%20best.%20It%E2%80%99s%20worth%20taking%20a%20look%20at%20before%20you%20decide.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-mfa-whichversion%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-mfa-whichversion%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-632845%22%20slang%3D%22en-US%22%3ERe%3A%20Does%20Azure%20MFA%20server%20(on-premise)%20work%20with%20Azure%20conditional%20access%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-632845%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F271366%22%20target%3D%22_blank%22%3E%40brentmattson%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EI%20stumbled%20across%20this%20blog%20post%20which%20explains%20how%20to%20use%20azure%20mfa%20server%20with%20azure%20ad%20conditional%20access.%20I%20haven't%20tried%20it%20out%20yet%20but%20it%20seems%20legit%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fblog.kloud.com.au%2F2017%2F07%2F01%2Fusing-adfs-on-premises-mfa-with-azure-ad-conditional-access%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.kloud.com.au%2F2017%2F07%2F01%2Fusing-adfs-on-premises-mfa-with-azure-ad-conditional-access%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
brentmattson
Occasional Contributor

If we wanted to leverage Microsoft conditional access and require MFA for certain conditions are we required to use the Cloud version of Azure MFA?  We currently have Azure MFA server on premise though haven't deployed it yet.  We put it on prem because we want to use it for our VPN as well as we use ADFS 3.0- Thank you

3 Replies
You should still be able to use Azure MFA in the cloud in your scenario so may want to look at that instead of the On-Premises option. There is an article on the docs site that helps decide which is best. It’s worth taking a look at before you decide. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion
Yeah, I ran through that article previously, but I am finding no information on azure conditional access and on premise AD. I am also not finding any information that Azure MFA cloud supports adfs 3.0

@brentmattson 

I stumbled across this blog post which explains how to use azure mfa server with azure ad conditional access. I haven't tried it out yet but it seems legit

https://blog.kloud.com.au/2017/07/01/using-adfs-on-premises-mfa-with-azure-ad-conditional-access/