MFA Server with Exchange 2010 OWA

  • Question

  • Hi,

    I've configured an on-premises MFA server for OWA. I've installed the software on the OWA (Exchange 2010 CAS) server and it's successfully working if I am using authentication type of Phone Call. If I change the method to Text Message (one-way or two-way) it fails immediately during login - it doesn't even prompt me to enter the OTP. I do receive the SMS, but the OWA login page has already come back with the Azure MFA page "Login Failed - check username/password, check you have the correct phone, check you entered the correct pin" etc. etc.

    I'm sure there's a piece of configuration that's missing here as I'm not prompted for the PIN. When doing phone call authentication, the OWA form sits there waiting until the call is answered and the hash key pressed, at which point you're taken to the mailbox as expected. However, with a PIN, I would expect the OWA login page (forms-based) to redirect to an additional page where I can enter the PIN, but this never happens.

    Any help will be most appreciated.

    Thanks.

    Tuesday, February 16, 2016 4:13 PM

Answers

  • Two-way SMS and mobile app notifications should work the same as the phone call since the MFA challenge is handled completely through the phone. One-way SMS doesn't work with MFA Server's IIS Authentication. Using OATH Tokens (mobile app verification codes) will work, but only if you are using Forms-based IIS Authentication and not HTTP IIS Authentication. If you are having problems with two-way SMS, I suggest opening a support case to investigate since it will require reviewing of logs and interaction with you.
    Wednesday, February 17, 2016 10:44 PM

All replies

  • Hello,

    We are checking on the query and would get back to you soon on this.
    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,
    Neelesh
    Wednesday, February 17, 2016 11:31 AM
  • That's great, thanks. I've just tried the two-way SMS and it's working, although we are in the UK and the text messages arrive from a US-based number. Is there any way to configure things so we receive texts from a UK-based number to avoid being charged for international text messages?

    Thursday, February 18, 2016 11:02 AM