How to enable MFA in SharePoint On-Premise

Suresh S 96 Reputation points
2022-09-13T05:28:25.003+00:00

Hi All,

We have a On-Premise SharePoint 2016. We would like to enable the MFA for the users in On-Premise. Is it possible to do it? Please share the steps and feasibility. The SharePoint portal is created with FBA. Not with AD.

Thanks
Suresh S

Microsoft 365 and Office | SharePoint Server | For business
Microsoft 365 and Office | SharePoint | Development
Microsoft 365 and Office | SharePoint | For business | Windows
Microsoft 365 and Office | SharePoint Server | Development
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Xuyan Ding - MSFT 7,601 Reputation points
    2022-09-13T10:34:46.127+00:00

    Hi @Suresh S ,

    New installation of on-premise MFA is deprecated by Microsoft. Now you need to use Azure MFA Service to implement MFA for your on-premises SharePoint server. Which means, you don't have to install MFA on a server in your on-premises environment and you can leverage MFA cloud offering by Microsoft.
    Please refer to this article to use Form-Based IIS Authentication with Azure Multi-Factor Authentication Server:Configure Azure Multi-Factor Authentication Server for IIS web apps

    ==============
    Update
    You need to federate your SharePoint server with ADFS and configure Azure MFA as authentication provider with AD FS. All the step-by-step instructions are mentioned in this doc:
    Configure Azure MFA as authentication provider with AD FS

    There is a prerequisite saying "Your on-premises environment is federated with Azure AD" in the article above,but the public users you configure with FBA are not in Active Directory to sync with Azure AD.Since we are using Azure MFA Service, user identity must be present in the Azure AD tenant. In your case, you can add the external users as Guest users to your tenant by sending invitation to their email address. Once they redeem the invitation, you can configure conditional access policy to trigger MFA for guest users. Please refer to below docs for this purpose:
    Add Azure Active Directory B2B collaboration users in the Azure portal
    Enforce multi-factor authentication for B2B guest users


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Suresh S 96 Reputation points
    2022-09-13T11:48:07.1+00:00

    Hi XuyanDingMSFT-4872,

    Thank you.

    Could you please refer the document or articles to use Azure MFA Service to implement MFA for on-premises SharePoint server?

    Will it work for both FBA users and AD users?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.