MFA license on ADFS applications

HK G 516 Reputation points
2021-09-16T19:23:12.82+00:00

I have been trying to clarify the MFA license requirement for applications (both SaaS and on-premise) federated in ADFS. We use Azure MFA in our ADFS farm. Based on the link below, MFA for on-premise applications does require either a P1 or P2 license. MFA works fine in ADFS even if we didn't assign a P1 license to the user for those applications. So my question is whether P1 is needed but Azure just doesn't check it, or whether it is not a requirement unless users are authenticated through Application Proxy in Azure AD.

Thank you.

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing


Accepted answer
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2021-09-17T06:43:35.96+00:00

    Hi @HK G • Thank you for reaching out.

    Yes, MFA for on-premise applications does require either a P1 or P2 license, but this requirement is not hard-enforced. This means that when a P1/P2 license is assigned even to a single user account in a given tenant, the P1/P2 capabilities are unlocked for that tenant and all users in that tenant can use P1/P2 features. However, to stay compliant, all the users who are using the features that require a P1/P2 license must be assigned these licenses.

    So, MFA for a user without either a P1 or P2 license can be enabled, but in that case you will be non-compliant.


