Nov 22 2019 - last edited on Jan 14 2022
I have a hosted Exchange that is moving us to Office 365, and they have AD Connect on one of my servers. I want to use Azure MFA and need to also have AD Connect. There will be multiple users on both instances. Is this possible?
Nov 23 2019 01:54 PM
Yes, it's possible to use Azure MFA in a hybrid environment.
Just note that out of the box, Azure MFA will only affect Azure/O365 related services and not your local Exchange.
Nov 25 2019 02:31 AM
So to get the image right, you have a Hosted Exchange environment, which is probably configured so that each customer has its own OU (Organizational Unit) for their AD objects, right?
If we take that into perspective, then you need to have a separate AD Connect server for each customer (Organizational Unit) and use extreme OU filtering, as you will be syncing the user objects from your shared AD to multiple tenants. This is not recommended by Microsoft unless in extremely complicated scenarios, as it might get really hard to manage in the long run, and there is a tiny window for mistakes when it comes to the object sync scenario: when, for example, someone from your help desk / support configures a wrong user or object, it gets synced to the wrong tenant. We are all humans, so we sometimes tend to make mistakes like this ;)
But if this is more like a Hosted Exchange for your company that is used to divide departments, then I would recommend migrating the whole Exchange to one Office 365 tenant and then using good access control between departments if they shouldn't be able to see each other. That will be much easier to manage; also, when it comes to Azure AD Connect / Hybrid Azure AD Join and other features, it's better to have one Office 365 tenant, as you will lose those features when syncing "one AD" to multiple tenants.
Hope this helps. Please feel free to clarify if I'm not painting your picture right; let's find a solution to your question.
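As an added illustration of the OU-filtering risk described in the reply above (not code from the thread or from Microsoft), here is a small audit that models per-tenant AD Connect OU filters as OU DN lists and flags objects that no filter would sync, that two filters would sync into different tenants, or whose UPN domain does not match the tenant owning their OU. The tenant domains, OUs and users are constructed and hypothetical.

```python
from typing import Dict, List, Tuple

# Constructed, hypothetical data (not from the thread): each tenant's AD Connect
# server is assumed to use OU filtering restricted to the OUs listed for it.
TENANT_SCOPE: Dict[str, List[str]] = {
    "contoso.com": ["OU=Contoso,OU=Customers,DC=hosted,DC=local",
                    "OU=Shared,OU=Customers,DC=hosted,DC=local"],
    "fabrikam.com": ["OU=Fabrikam,OU=Customers,DC=hosted,DC=local",
                     "OU=Shared,OU=Customers,DC=hosted,DC=local"],
}
USERS: List[Tuple[str, str]] = [  # (distinguishedName, userPrincipalName)
    ("CN=Alice,OU=Contoso,OU=Customers,DC=hosted,DC=local", "alice@contoso.com"),
    ("CN=Bob,OU=Fabrikam,OU=Customers,DC=hosted,DC=local", "bob@fabrikam.com"),
    ("CN=Carol,OU=Fabrikam,OU=Customers,DC=hosted,DC=local", "carol@contoso.com"),
    ("CN=Dave,OU=Staging,OU=Customers,DC=hosted,DC=local", "dave@contoso.com"),
    ("CN=Erin,OU=Shared,OU=Customers,DC=hosted,DC=local", "erin@fabrikam.com"),
]

def rdns(dn: str) -> List[str]:
    """Split a DN into RDNs, lower-cased for case-insensitive comparison (escaped commas not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def is_under(object_dn: str, ou_dn: str) -> bool:
    """True when the object sits inside the OU (the OU's RDNs are a suffix of its own)."""
    obj, ou = rdns(object_dn), rdns(ou_dn)
    return len(obj) > len(ou) and obj[-len(ou):] == ou

def tenants_for(dn: str, scope: Dict[str, List[str]]) -> List[str]:
    """Tenants whose OU filter would pick this object up."""
    return [t for t, ous in scope.items() if any(is_under(dn, ou) for ou in ous)]

def audit(users=USERS, scope=TENANT_SCOPE) -> Dict[str, List[str]]:
    """Classify each user by how the per-tenant OU filters would treat it."""
    out: Dict[str, List[str]] = {k: [] for k in ("ok", "unscoped", "multi_tenant", "upn_mismatch")}
    for dn, upn in users:
        hits = tenants_for(dn, scope)
        domain = upn.rsplit("@", 1)[-1].lower()
        if not hits:              # no connector would sync this object
            out["unscoped"].append(dn)
        elif len(hits) > 1:       # one object would flow into several tenants
            out["multi_tenant"].append(dn)
        elif domain != hits[0]:   # user created in another customer's OU
            out["upn_mismatch"].append(dn)
        else:
            out["ok"].append(dn)
    return out
```

Running `audit()` on the constructed data reports Dave as unscoped, Erin as syncing to both tenants via the shared OU, and Carol as a contoso.com user sitting in Fabrikam's OU.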