MFA for server on prem

Kak Tak 11 Reputation points
2022-12-01T12:27:56.063+00:00

Hi all,

We have a requirement for MFA login on on-prem servers or servers in azure (Azure VM's). Is this possible? Can someone please explain how this work if this is possible and how I can set this up?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,451 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Michael Durkan 12,216 Reputation points MVP
    2022-12-01T14:10:34.083+00:00

    Hi

    there is no native Microsoft solution to provide MFA for RDP or Console access. DUO would be your best bet here:

    https://duo.com/docs/rdp

    Hope this helps,

    Thanks

    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!
    1 person found this answer helpful.

  2. Ravi Kanth Koppala 3,231 Reputation points Microsoft Employee
    2022-12-20T03:19:31.36+00:00

    @Kak Tak ,
    As you know, As of July 1, 2019, Microsoft will no longer offer MFA Server (on-premise solution) for new deployments. New customers who want to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server before July 1 will be able to download the latest version and future updates and generate activation credentials as usual.

    So, it is possible to set up multi-factor authentication (MFA) for on-premises servers and Azure virtual machines (VMs). MFA is a security feature that requires users to provide an additional form of authentication beyond their username and password when logging into a system. This can help reduce the risk of unauthorized access to your servers and protect against password cracking or phishing attacks.

    There are several different approaches that you can take to set up MFA for on-premises servers or Azure VMs, depending on your specific requirements and the tools that you have available. Below are some general steps that you can follow to set up MFA for on-premises servers or Azure VMs:

    • Determine which users or groups of users should be required to use MFA when logging into the servers or VMs.
    • Identify the authentication methods that you want to use for MFA. Some common options include SMS text messages, phone calls, mobile app notifications, hardware tokens, or biometric authentication (such as fingerprint or facial recognition).
    • Choose an MFA solution that is compatible with your on-premises servers or Azure VMs. Some options include:
    • Using Azure MFA, which is a cloud-based MFA service that can be used with Azure Active Directory (AD).
    • Implementing MFA using a third-party tool, such as Duo Security or Okta.
    • Setting up MFA using native tools or features provided by the operating system or applications that are running on your servers or VMs.
    • Configure the MFA solution that you have chosen to work with your servers or VMs. This may involve installing software, configuring settings, and enrolling users in the MFA service.
    • Test the MFA setup to ensure that it is working as intended and that users are able to log in using MFA successfully.

    I hope this helps! Let me know if you have any further questions or need more specific guidance on setting up MFA for your on-premises servers or Azure VMs.

    ----------

    Please "Accept as Answer" and Upvote if any of the above helped so that it can help others in the community looking for remediation for similar issues.

    1 person found this answer helpful.

  3. Limitless Technology 44,421 Reputation points
    2022-12-02T10:55:31.22+00:00

    Hello

    Thank you for your question and reaching out.

    Please note that there is no Product or services from Microsoft for MFA for On-Prem.

    There is list of Third-party MFA options which Microsoft suggest in below article.

    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs

    --------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.