Microsoft Azure Multi-Factor Authentication (MFA)

Due to the increase in cybercrime, it is very vital to adopt appropriate security measures to prevent (stall) these threats. Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA) can help us overcome this by preventing unauthorized access to your application.

Microsoft Azure Multi-Factor Authentication helps safeguard access to data and applications by providing an additional layer of security. It can also be used to secure access to on-premises and cloud applications and this helps protect unauthorized access to on-premise and cloud-based applications. See the link below on how this works. Issues resulting in passwords theft and identities being compromised can be mitigated simply by using a second-factor authentication (2FA) https://channel9.msdn.com/Blogs/Azure/Windows-Azure-Multi-Factor-Authentication-Server

Want to use Azure AD MFA?
– Microsoft offers basic two-step verification features to Office 365 and Azure Active Directory (Azure AD) users and Administrators for no extra cost. See this link for additional details https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing

New customers may no longer purchase Azure Multi-Factor Authentication as a standalone offering effective September 1st, 2018. Multi-factor authentication will continue to be available as a feature in Azure AD Premium or Microsoft 365 Business licenses

Also, the on-premise setup of MFA Server is no longer possible.

Microsoft

As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments on-premise. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
New customers that would like to have MFA implemented for them should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.

Prerequisites for deploying (using) Azure MFA
– For cloud-only environment(s) require no pre-requisites for setup.
– The hybrid Identity scenario requires Azure AD Connect. Here user identities are synchronized or federated with the on-premises Active Directory Domain Services with Azure Active Directory.
– For on-premise legacy application published for cloud access. Azure MFA with Radius Authentication requires a Network Policy Server (NPS).

Note: For Microsoft Office 2010 or earlier, or Apple Mail for iOS 11 or earlier customers would have to upgrade Microsoft Office 2013 or later and Apple mail for iOS 12 or later. Conditional Access is not supported by legacy authentication protocols.

Starting in March of 2019 the phone call options will not be available to MFA and SSPR users in free/trial Azure AD tenants. SMS messages are not impacted by this change. Phone call will continue to be available to users in paid Azure AD tenants. This change only impacts free/trial Azure AD tenants.

Stay glued for the implementation steps shortly.