Multi-Factor Authentication – What do we know so far?

To provide additional layer of security MFA has been recently enforced in many organisation, especially after Microsoft started to offer the administrator to enable by just a flick of a button.

I’ve written an article about a scenario to troubleshoot an issue, i thought it would be nice to know the options available, and troubleshooting issues.  Hence this article.

So, first off, Microsoft offer 3 ways

  1. Office 365 MFA
  2. On-prem Azure MFA
  3. The Network Policy Server (NPS) extension for Azure MFA

In above 3 options, an appropriate license is required to make it work.  Usually, Azure AD premium license or MFA standalone license is sufficient. There are other types of license which also gives MFA feature.

Before we go in troubleshooting issues with each type, we need to understand what type of MFA needed for the organisation.

  1. Office 365 MFA  – This is generally available for all the office 365 users.  MFA can be used with any office 365 services and application which can integrate with Office 365.
  2. On-prem Azure MFA – A on-prem server is required.  This options give more control to the user.  On-prem application can be integrated with Azure MFA server.
  3. The Network Policy Server (NPS) extension for Azure MFA – This options is only for NPS.  This option is a stripped down version of on-prem Azure MFA.  If you have a NPS VPN infrastructure then this is option can be used.

Now that we know the different types, let me go in detail on each options and how you can check the logs to troubleshoot issues in upcoming article.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s