Azure Multi-Factor Authentication Methods per Supported Protocol

Multi-Factor Authentication Server Splash Screen

Recently, I’ve been involved in some larger on-premises Azure Multi-Factor Authentication (MFA) Server projects as a senior engineer with a couple of demanding customers. It’s been a lot of fun and quite the roller coaster ride.

One of the things I noticed while consulting on Microsoft’s Azure Multi-Factor Authentication Server, is that its marketing department is doing a really great job on positioning the product as the all-in-one solution for all multi-factor authentication needs a Microsoft technology-oriented organization might have.,

The truth is that the product is not there, yet.

The table below states the authentication methods possible per supported protocol with the on-premises Multi-Factor Authentication Server, based on version 7.1.2.1:

Azure MFA for WS-Federation, WS-Trust, SAML 2.0, OAuth 2.0, LDAP, RADIUS and IIS through Phone Call, Phone Call + PIN, One-way SMS, Two-way SMS, Mobile App and OTPs. (click for larger version)

1 If the RADIUS client supports entering an OTP together with the password in the password field, this authentication method is supported.

Additionally, please note that, currently, the only way to enable multi-factor authentication for Windows-integrated or Forms-based authentication for web apps, is to install the Azure Multi-Factor Authentication Server product onto a server running Internet Information Services (IIS). The IIS Module is not a separately installable module, like the AD FS adapter is. Also, you can enforce multi-factor authentication on other types of web servers (Apache, NGINX, etc.) using ARR on the Server running IIS and the Azure Multi-Factor Authentication Server.

Related blogposts

Azure Multi-Factor Authentication Server version 7.1.2.1 for your convenience 
Choosing the right Azure MFA authentication methods 

Further reading

Azure Multi-Factor Authentication – Part 1: Introduction and licensing
Azure Multi-Factor Authentication – Part 2: Components and traffic flows
Azure Multi-Factor Authentication – Part 3: Configuring the service and server
Azure Multi-Factor Authentication – Part 4: Portals
Azure Multi-Factor Authentication – Part 5: Settings
Azure Multi-Factor Authentication – Part 6: Onboarding
Azure Multi-Factor Authentication – Part 7: Securing AD FS
Azure Multi-Factor Authentication – Part 8: Delegating Administration

leave your comment