Azure Multi-Factor Authentication Server version 7.1.2.1 for your convenience

Reading Time: 3 minutes


This week, Microsoft released version 7.1.2.1 of its on-premises Azure Multi-Factor Authentication Server to replace the revoked Azure Multi-Factor Authentication Server v7.1.1.1 bits, due to a signing issue in the Azure Multi-Factor Authentication User Portal, that resulted in problems with some Azure Multi-Factor Authentication Server deployments.

 

What’s New

Allow users to choose their authentication method during user portal sign-in

After the success of the change in the Azure Multi-Factor Authentication (MFA) Adapter for Active Directory Federation Services (AD FS) that allowed users to choose their authentication method when authenticating to AD FS-connected resources, the User Portal website now also supports this feature.

This allows users to change their additional authentication method(s) in case of a lost/replaced device and or unavailability of network connectivity. It adds flexibility to users to handle these kinds of situations.

Added support for Application Name for AD FS adapter

When you install the Azure Multi-Factor Authentication (MFA) Adapter for Active Directory Federation Services (AD FS), it will register itself with the default name of “Azure Multi-Factor Authentication”. You can now change this.

Added size limit checks to LDAP Import and AD Sync

Azure Multi-Factor Authentication Server utilizes its own phonefactor.pfdata database to store its information in. You can sync user definitions into this database using LDAP and Active Directory synchronization. Now, size limit checks have been added to these import activities.

Added Page Time Limit configuration to LDAP

Next to default query size limit (10000) for LDAP, and the above size limit, an additional time limit can be configured for Use specific LDAP configuration on the Settings tab for Directory Integration.

Edit LDAP Configuration for Directory Integration in the MFA Server Management UI (click for original screenshot)

The value for Page time limit specifies the number of seconds to wait for each page to be returned from the LDAP directory.  The default value is 2 seconds.

Fixed several bugs

Every software has bugs. In version 7.1.1.1 a couple of bugs were fixed, including a bug that prevent 32-bit Internet Information Services (IIS)-based web applications from working. In version 7.1.2.1 the bug was fixed with the signing of the User Portal.

 

Download

Version 7.1.2.1 of the on-premises Azure Multi-Factor Authentication (MFA) Server can be downloaded via the old-fashioned Azure Management Portal or straight from the MFA Management Portal:

  1. Log on to the Azure Portal.
  2. In the column on the left that lists all the available items and services, scroll down until you reach ACTIVE DIRECTORY.
  3. In the main pane, select the default directory.
  4. Just above the list of directories, click the text MULTI-FACTOR AUTH PROVIDERS.
  5. Click the Multi-Factor Authentication Provider that you’ve configured for your organization and is marked as Active in the STATUS column.
  6. Click MANAGE in the bottom pane on the general settings for the Multi-Factor Authentication Provider.
  7. This will redirect you to your tenant view of the PhoneFactor Portal.
  8. In the main pane of the portal click on the Downloads header.
  9. Click the Download link below the list of supported platforms.

Save MultiFactorAuthenticationServerSetup.exe to a network location where you can use it from each of the Windows Servers that have Azure Multi-Factor Authentication installed.

 

Concluding

Version 7.0.2.1 of Azure MFA Server provides new functionality, but also deprecates some other functionality. As an organization contemplating, evaluating or using Azure MFA Server, the impact of the depcrated features might cause you to stick with a previous version or even an alternative technology.

Related blogposts

Azure Multi-Factor Authentication Server version 7.0.2.1 is here
Azure Multi-Factor Authentication Server reaches version 7.0.0.9
Knowledgebase: You receive a “Web Service Requests must be protected by authentication” error when activating a Multi-Factor Auth app
KnowledgeBase: Users in Azure Multi-Factor Authentication Server 6.3.x and up can not select One-Way OTP or PIN options in the User Portal
KnowledgeBase: Azure MFA Portal shows error “Error communicating with the local Multi-Factor Authentication service. Please contact your administrator.”
Choosing the right Azure MFA authentication methods

Further reading

Azure Multi-Factor Authentication – Part 1: Introduction and licensing
Azure Multi-Factor Authentication – Part 2: Components and traffic flows
Azure Multi-Factor Authentication – Part 3: Configuring the service and server
Azure Multi-Factor Authentication – Part 4: Portals
Azure Multi-Factor Authentication – Part 5: Settings
Azure Multi-Factor Authentication – Part 6: Onboarding
Azure Multi-Factor Authentication – Part 7: Securing AD FS
Azure Multi-Factor Authentication – Part 8: Delegating Administration

Posted on August 24, 2016 by Sander Berkouwer in Entra ID, Multi-Factor Authentication

2 Responses to Azure Multi-Factor Authentication Server version 7.1.2.1 for your convenience

  1.  

    That's great. But when do you think they'll add support for 2012 R2 and Windows 10?

    from Michael Russo November 22, 2016 at 4:43 PM
  2.  

    How can one get a report from the On-Premise MFA server to determine who has completed the enrollment?

    from Tommie October 18, 2017 at 12:22 PM

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.