MFA on-premise

Stefano Colombo 221 Reputation points

I'd like to know whether it is possible to manage MFA for an on-premise group of users as well.
The need is to have on-premise authentication for a group of privileged users who are forced to use MFA for interactive login or UAC.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

3 answers

  1. Marilee Turscak-MSFT 36,336 Reputation points Microsoft Employee

    Microsoft does not support MFA server for new deployments, but if you have an existing MFA server and your users exist on premises you can enforce MFA conditionally via Remote Desktop Gateway. Note, however, that the server still needs to reach out to Azure for the MFA portion, but your users can be entirely on premises. You just need to have the correct number of licenses for your on-premises users.

    For new deployments it is recommended to use the NPS extension and Azure MFA for on-premises applications.

    1 person found this answer helpful.

  2. Bhanot Ravi 31 Reputation points

    Hi sc2111,

    For on-premise highly privileged accounts, you can use PAM, and along with PAM you can use Azure MFA. Refer to the URL below for more information:


  3. Chris Bunn 0 Reputation points

    You can enable and manage MFA for any/all on-premise (Active Directory) users with a third party software called UserLock.

    Enable MFA on Windows logins, RDP & RD Gateway, VPN and IIS connections. It also allows you to use on-premise AD credentials (and MFA) to securely access cloud applications such as Office365.

    Hope this helps. More information at [
