none
Enable MFA from Windows Server 2016 RRS feed

  • Question

  • Good morning, could you please help me with information about the MFA Azure configuration but not to enter the azure console but to connect to a server by remote desktop.

    the idea is to enter a server in Azure by remote desktop and ask us for double authentication

    Monday, May 6, 2019 3:40 PM

All replies

  • Hi,

    I'm pretty sure you need an RDP Gateway to use MFA on VMs in Azure.  However, this does add complexity and if your MFA provider is down (Azure MFA was down a few months ago for 12 hours!) then you wont be able to log in.

    I completely get that this is to lock things down for security!  But my recommendation would be to use Security Centre with JIT (Just In Time) access to the VMs and keep MFA just for the portal.

    JIT is basically a feature to temporarily add an NSG rule for RDP to the VM.  What this means is that when you're not using the VM, RDP is not enabled inbound and so there is no need for extra security layer at these times.

    Using the above moves the security management away from the VM (which is always nice) and if there are every any issues with the MFA provider, you can still RDP to the VM.

    But if you really want to use MFA for VMs then you'll need an RDP Gateway to support this (unless there has been an update that I'm not aware of).

    Thanks,

    Matt

    Monday, May 6, 2019 3:51 PM
  • Matt, But if you really want to use MFA for VMs then you'll need an RDP Gateway to support this (unless there has been an update that I'm not aware of). How do I enable this what you say? could you make a remote session and help me ????

    Monday, May 6, 2019 4:20 PM
  • Hi,

    I'm not sure how remote access works on these forums and whether it would be against T&Cs.  But the below link will guide you through the process of building this if this is the route you want to go down:

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-nps-rdg

    Let me know if you have any further questions.

    Thanks,

    Matt

    Monday, May 6, 2019 4:22 PM
  • Please let me know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.
    Saturday, June 1, 2019 12:10 AM
    Moderator
  • Please let us know if the above answers were helpful and remember to mark as answer.

    If none of the answers helped you, let us know, and we'll try to provide assistance. Thanks!

    Thursday, June 6, 2019 12:55 AM
    Moderator
  • I'm following up on this, please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

    Thanks!

    Friday, June 21, 2019 5:53 PM
    Moderator