On-prem Multi Factor Authenticator activation requirement

J. Random-Sysadm 41 Reputation points

I need to set up an MFA standalone server in a test environment in an isolated domain (domain.dev [non-publicly registered / no public DNS]).

Is activation in Azure a requirement during the setup or can an MFA server be set up?

We do have our primary domain (domain.com) syncing with a tenant in Azure via AD Connect. Could that tenant be used to activate the server in the domain.dev environment?

Microsoft Entra ID

Accepted answer
  1. Vasil Michev 85,646 Reputation points MVP

    You can install the server without activating it, but you will not be able to use it. And you might also be unable to generate activation credentials if you haven't activated previous instances in the same tenant. MFA Server has not been supported for new deployments for a few years now, and last week at Ignite Microsoft announced the deprecation plan:

    In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization.
