The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Multi-Factor Authentication!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

 none
Azure MFA & Domain Login Security RRS feed

  • Question

  • Per all the available documentation I could find regarding Azure MFA, I see that it can secure RADIUS, VPN, IIS, and LDAP. The client I am assisting has Office365 MFA but wants the higher capability of Azure MFA. One of the big questions is whether it can secure a user logging into their regular computer. For example, a user walks up to their computer and enters their username and password, and then can Azure MFA have an additional authentication method added to that process, so the user can get a phone call/text message/autheticator app code. Can Azure MFA secure regular computer logins on a domain by end users via the local console?

    Here is a link for the Azure MFA product home page that says it can support RADIUS, VPN, IIS, LDAP.

    https://azure.microsoft.com/en-us/services/multi-factor-authentication/

    Here is the page that talks about MFA server integration with Active Directory, but it does not say if I can secure users computer logins with this.

    https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server-dirint

    I am just looking for a yes or no answer to this. Can it be done? Or do I need to purchase a 3rd party GINA replacement for windows and integrate that into Azure via the OAUTH mechanisms it supports?

    Saturday, April 29, 2017 2:16 PM

All replies

  • No, you cannot secure console loggings with MFA. For windows 10, you can perform MFA when doing an AAD Join. Once that is done, the device is considered a trusted device and MFA shouldn’t be required anymore. We are relying on windows password and windows hello for business for strong authentication on the device.

    • Edited by vijisankar Tuesday, May 2, 2017 5:34 PM
    • Proposed as answer by AVarm Wednesday, December 13, 2017 6:37 PM
    Tuesday, May 2, 2017 5:34 PM
  • Is this on the road map. We have several BPO clients as well who wants to use this. Would be great to have this when setting up an onpremise Azure MFA Server

    All the best, Eman Lacuata

    Friday, October 20, 2017 3:04 AM
  • MFA for interactive login isn’t in the road map at this time. You may leave your feedback on this here - https://feedback.azure.com/forums/34192--general-feedback
    -------------------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you and vote it as helpful, this can be beneficial to other community members. 
    • Proposed as answer by vijisankar Monday, October 23, 2017 8:27 PM
    Monday, October 23, 2017 8:27 PM