Part I \u2013 Where to setup your MFA: In cloud or on-premises Server<\/b><\/p>\n
As discussed in an earlier blog post \u2018Azure Multi-Factor Authentication (MFA) Overview<\/a>\u2019, Multi Factor Authentication (MFA) is an important tool to help safeguard your data and applications, all while meeting the user demand of a simple sign-in process. Microsoft\u2019s cloud offering Azure also provides MFA service. But the question is, where can you execute the MFA service with Azure?<\/p>\n There are two options where a customer can choose to implement their MFA with Azure:<\/p>\n What will you choose?<\/b> You are implementing MFA because you want an exact thing to be secure. Is it an application? Or is it a website? Or a payment gateway? Maybe a financial application? Even a remote access system? It can be anything which requires added layers of security to the thing which you\u2019re securing.<\/p>\n The first and foremost question always remains: what are you trying to secure? Based on that, you can determine the best method you can implement for the Azure MFA.<\/p>\n Please have a look at the table below:<\/p>\n First-party Microsoft apps<\/b><\/p>\n The first-party applications from Microsoft can be secured in both MFA in the cloud as well as Server. The first-party applications are Microsoft\u2019s own direct offerings like Office, Project, Publisher, Outlook Web App, Calendar and many more.<\/p>\n SaaS applications in the app gallery<\/b><\/p>\n The SaaS applications such as Office 365, Box and Salesforce in the Azure Active Directory application gallery can be secured only with MFA in the cloud, and not with the MFA Server.<\/p>\n Web applications published through Azure AD App Proxy <\/b><\/p>\n The web applications which are published through Azure Active Directory App Proxy, they can be secured only with MFA in the cloud, and not with the MFA Server.<\/p>\n IIS applications not published through Azure AD App proxy<\/b><\/p>\n IIS applications that are not published through Azure AD App Proxy, only that applications can be accessed with the MFA Server.<\/p>\n Remote access like VPN, RDG<\/b><\/p>\n Remote access like Virtual Private Networks and Remote Desktop Gateway can be secured in both MFA in the cloud as well as MFA Server.<\/p>\n Since you\u2019ve decided what you are trying to secure, let us see the next question in the next blog ‘MFA Cloud or MFA Server \u2013 Depends on Where the Users Are<\/a>.’<\/p>\n\n
\nThere are three questions you need to answer before you opt for either of these two options:<\/p>\n\n
\n\n
\n \n First-party Microsoft apps<\/td>\n \n Saas apps in the App gallery<\/td>\n <\/td>\n<\/tr>\n \n Web applications published through Azure AD App Proxy<\/td>\n <\/td>\n<\/tr>\n \n IIS applications not published through Azure AD App Proxy<\/td>\n <\/td>\n \n Remote access such as VPN, RDG<\/td>\n