Microsoft Entra MFA Functionalities and Future

Anonymous
2024-02-06T10:44:31.58+00:00

Dear Microsoft Support Team,
I am currently exploring the capabilities and features of Microsoft Entra MFA, as outlined in your documentation (https://learn.microsoft.com/pl-pl/entra/identity/authentication/howto-mfaserver-deploy). I have several questions regarding its functionalities and the upcoming changes announced for September 30, 2024, specifically concerning the discontinuation of Azure Multi-Factor Authentication server deployments handling authentication requests.

  1. LDAP Proxy Server Capability: Can Microsoft Entra MFA serve as an LDAP Proxy Server, performing primary authentication against an upstream LDAP directory server and then adding MFA as the second login factor? This feature is crucial for our infrastructure, as it would streamline our authentication process by integrating with our existing LDAP directory services.
  2. Is Microsoft Entra MFA capable of acting as a RADIUS Proxy? This would be particularly beneficial for supporting remote access solutions and ensuring a seamless user experience while maintaining security standards.
  3. Is there a minimum number of licenses required to purchase Microsoft Entra MFA? For comparison, some solutions like Cisco Duo have a minimum license requirement (e.g., 10 licenses). Understanding the minimum commitment would help us in planning our budget and scaling the solution according to our needs.
  4. I am confused about some pricing details. Could you provide details on the pricing model for Microsoft Entra MFA? Specifically, are the costs only associated with users who actively use MFA, or are there other pricing factors we should consider? Information on this would greatly assist in our financial planning and assessment of the overall value of integrating Microsoft Entra MFA into our security framework.

Additionally, I noticed that from September 30, 2024, Azure Multi-Factor Authentication server deployments will no longer support multi-factor authentication requests, potentially causing authentication failures within organizations. Does this mean that Microsoft is phasing out this service? I am concerned about how this change will affect the aforementioned functionalities (LDAP and RADIUS Proxy, minimum number of licences and pricing).

Thank you for your time and assistance. I look forward to your prompt response.

Paweł Zapiór
Cybersecurity Student at Cracow University Of Technology


1 answer

  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2024-02-06T17:36:59.2933333+00:00

    @Paweł Zapiór Thank you for reaching out to us. As I understand, you have queries on Azure MFA Server and its deployment & capabilities.

    Azure MFA Server (server-based deployment) & Azure MFA (cloud-based service): Azure MFA Server is getting deprecated soon. Existing customers that activated MFA Server before July 1, 2019 can download the latest version, future updates, and generate activation credentials as usual, but for new deployments it is not possible.

    Reference: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfaserver-deploy#:~:text=Factor%20Authentication%20Server%3A-,Important,-In%20September%202022

    Coming to your queries

    1. It is not possible to do LDAP authentication with Azure MFA (cloud-based service). Only the on-prem MFA server supports LDAP auth, which is not available for new deployments. If you have an existing MFA server setup, consider migrating it to Azure MFA. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Microsoft Entra multifactor authentication service by using the latest Migration Utility.
    2. Remote access solutions are supported by Azure MFA (Cloud-based service), refer to this https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension
    3. Regarding the number of licenses required to use Microsoft Entra MFA, the sales team would be the best to advise on this query - https://www.microsoft.com/en-in/microsoft-365/business/sales-support
    4. Refer to this table - Feature comparison based on licenses provides a list of the features that are available in the various versions of Microsoft Entra ID for multifactor authentication.

    Also review the FAQ about Microsoft Entra Multifactor authentication - https://learn.microsoft.com/en-us/entra/identity/authentication/multi-factor-authentication-faq

    Yes, Azure Multi-Factor Authentication Server will be deprecated 30 September 2024, hence we are recommending the customers to plan the deployment - https://azure.microsoft.com/en-in/updates/azure-multifactor-authentication-server-will-be-deprecated-30-september-2024/

    Let me know if you have any further questions; feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
