3rd party MFA provider

skip hofmann 46 Reputation points
2020-04-09T19:18:10.213+00:00

We are currently evaluating using DUO as a mfa provider in Azure along with staged rollout for password hash sync. Everything appears to be working correctly. However i recently discovered there are some limitations with using 3rd party mfa providers in Azure. I need help understanding exactly what the below limitations mean?

They work only after a password has been entered
They don’t serve as MFA for step-up authentication in other key scenarios
They don’t integrate with end user or administrative credential management functions

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/upcoming-changes-to-custom-co...

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,481 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,246 Reputation points Microsoft Employee
    2020-04-10T20:31:48.553+00:00

    Hi @skip hofmann ,

    "They work only after a password has been entered" - I believe this just means that they won't be able to use a passwordless experience where MFA is presented before entering a password.

    "They don’t serve as MFA for step-up authentication in other key scenarios" - Step-up authentication ensures that users can access some resources with one set of credentials but will prompt them for more credentials when they request access to sensitive resources. For example, a user logs onto a site with a user name and password, and if they then try to access a part of the site which requires a higher level of verification we can trigger via code MFA. We don't want the user to have to enter username and password again but just respond to the MFA request. Once the client has responded to the MFA request they can access that side of the website.

    "They don’t integrate with end user or administrative credential management functions" - for example, an application providing user credentials directly to Azure AD.

    This is how I read it, at least. I'm going to try to loop in the author of that article though to see if he can comment and provide further clarity.


  2. Appsian 1 Reputation point
    2020-09-11T17:17:03.043+00:00

    The information you’ve shared in this blog is most useful. Thanks for sharing such quality information.

    0 comments No comments