question

PriyaranjanSathyavrathan-2602 asked PriyaranjanSathyavrathan-2602 commented

Azure AD MFA for SharePoint Server Sites

Hi All,


We have a customer who has a SharePoint Server 2019 installation in an Azure VM which is domain joined to Azure AD. There is no Windows AD present. As per new security rules, they are trying to enable MFA for SharePoint Sites so that whenever the user (Azure AD) accesses the sites, they get an MFA prompt. Though MFA access is enabled through Security Defaults, we don't get any prompts for multi-factor authentication.


We also tried to set up Azure AD as a Trusted Identity Provider in SharePoint and added SSL trust relationships and we had no luck.


Please guide us with some inputs.


Thanks in Advance

azure-managed-identity azure-ad-identity-governance

1 Answer

vipulsparsh-MSFT answered PriyaranjanSathyavrathan-2602 commented

@PriyaranjanSathyavrathan-2602 Thanks for reaching out.

Security defaults do not prompt users every time they log in. They will be prompted primarily when they are coming from a new device or application or performing critical roles and tasks only.

Security defaults make the following admins perform MFA every time they log in:
Global administrator
SharePoint administrator
Exchange administrator
Conditional Access administrator
Security administrator
Helpdesk administrator
Billing administrator
User administrator
Authentication administrator

So the behavior you are seeing is expected for most of the scenarios.


If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.






Hi @vipulsparsh-MSFT ,

Thanks for the response. However, in the current setup of SP 2019 Server domain joined to Azure AD, we need to enable MFA whenever a user tries to log in to a SharePoint Site. We want to replicate the same MFA authentication that is used by Office 365 SharePoint Sites in SharePoint 2019.

Can we still implement MFA for the SP2019 (Azure VM) server which is domain joined to Azure AD (there is no local AD)? We are okay to skip Security Defaults and go with Azure AD P1/P2 if it helps.

Regards,
Priyan
