![]() This is the cloud-based Azure MFA which means ADFS needs to talk directly to your Azure tenant and Azure AD to invoke Azure MFA: Again, remember this is not the Azure MFA Server from on-prem which is usually configured on the Multi-factor tab. There will be a notice asking you to integrate with an Azure AD tenant in order to use Azure MFA. You’ll notice for primary authentication there is currently no option for Azure MFA.Click ADFS > Service > Authentication Methods > Edit Primary Authentication Methods You can always run the PowerShell cmdlet “Get-AdfsFarmInformation” on your ADFS server to show your FBL version. In my example, I am using ADFS 4.0 with a Farm Behavior Level (FBL) set to 3 which means Windows Server 2016 and an Active Directory 2016 schema. I’m going to assume you have a working ADFS environment already that is federated with Azure AD using Azure AD Connect for this blogpost for a step by step guide. If you’re still on the on-prem Azure MFA Server, it is very easy to migrate to the cloud-based Azure MFA. ![]() ![]() Feature parity is pretty close to the same at this point and in my opinion, the days of Azure MFA Server on-prem are numbered. I have not deployed Azure Multi-Factor Authentication Server (on-prem/hybrid version) in a few years for anyone as pretty much everyone I work with has moved on to cloud-based Azure MFA. ![]() In order to setup Azure MFA as Primary Authentication with ADFS, this does require you to move to Azure MFA (cloud-based version). ![]()
0 Comments
Leave a Reply. |