Azure MFA to On-premises applications without ADFS and AzADAppProxy

Miguel Gonçalves 971 Reputation points
2023-06-17T15:00:56.0166667+00:00

Hi.
I need to know what options I have to force my internal apps to request Azure MFA when my clients access them internally (or externally, published in the firewall).
I don't want my on-premises apps to need to go via Application Proxy via Azure, because all my Portuguese clients need to access North Europe.
I have ADFS but want to remove it from the environment.
MFA Server is going out of scope from Microsoft.
Is there some way to connect my internal app directly to Azure AD only to force MFA, but user traffic doesn't go out of my on-premises infrastructure?

Microsoft Security | Active Directory Federation Services
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Identity Manager

3 answers

  1. JimmySalian-2011 42,511 Reputation points
    2023-06-17T16:42:39.0266667+00:00

    Hi,

    In this scenario you will have to migrate your apps to Azure and set up SSO. After the apps are migrated you will have to decommission the ADFS server, and with a P1 license you use MFA for the users, but for this scenario you will have to set up a conditional access policy as per the requirements.

    ADFS to Azure AD Migration - https://learn.microsoft.com/en-GB/azure/active-directory/manage-apps/migrate-adfs-application-activity

    Detailed design will be required for the Apps migration and testing so please review all the phases here - https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/migrate-adfs-apps-phases-overview

    For MFA setup on Azure follow the guidelines here and also the conditional access policy will be required - https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
