Infrastructure with Azure MFA

zahid haseeb 41 Reputation points
2019-12-11T08:31:27.153+00:00

Please help me to understand

I am currently studying the "Azure MFA". After reading the below article I am assuming that if any of the license acquired like office365 then the person can use it for internal infrastructure as well with no extra cost. For example MFA can be use for windows login or MFA can be use for vpn dialer or MFA can be use for accessing remote desktop/terminal services with no additional cost.

https://azure.microsoft.com/en-us/pricing/details/active-directory/

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,707 questions
No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 55,226 Reputation points
    2019-12-11T10:06:31.383+00:00

    @zahid haseeb Multi-Factor Authentication for Office 365 users offers a subset of Azure MFA features at no cost for access to Office 365 services, including Exchange Online and SharePoint Online. subset of Azure MFA features means, you will not be able to perform actions such as trigger MFA using Conditional Access policies or configure trusted IPs to skip MFA (as highlighted below) as these features are available with Premium versions of Azure AD.

    alt text

    However, with the help of NPS extension, you should be able perform MFA for VPN and RDP sessions in your on premises environment.

    Note: If you activate Azure AD Premium license for 1 user, these features will be available to all users in the tenant but in order to stay compliant, you should be having premium license for all users who are using the premium features.

    Hope this answers your question. Refer to MFA FAQs here for more details.

    -----------------------------------------------------------------------------------------------------------

    Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

    No comments

2 additional answers

Sort by: Most helpful
  1. Biju Thankappan 101 Reputation points
    2019-12-11T08:36:16.117+00:00

    Yes, correct. Take a look as this and comply with the pre-reqs.


  2. Vasil Michev 61,991 Reputation points Microsoft MVP
    2019-12-11T08:36:57.28+00:00

    It's not "any" license, you need Azure AD Premium P1 specifically if you want to protect on-premises apps: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing