Per this week, Azure Active Directory is no longer available in the ‘Old’ Portal experience. Previously, I’ve shared with you how to download, install and configure Microsoft’s on-premises Multi-Factor Authentication Server, while using the old Portal Experience. Now, let me show you how to download, install and configure it with the ‘New’ Portal.
In this blogpost, we’ll follow the Simple Deployment scenario.
Step 1 Create an MFA Provider
Log onto the Azure Portal.
In the left navigation menu, click Azure Active Directory.
In the navigation menu of your Azure AD tenant (just to the right of the main navigation menu) scroll down until you reach MFA Server in the SECURITY area.
Click MFA Server.
In the MFA Server blade, click on Providers in the feature’s navigation menu.
Click + Add.
In the Add Provider blade, fill in the values for:
This is the name for the Multi-factor Authentication Provider. This is only shown in the Azure Portal. Make sure to create a name that corresponds to your organization’s naming convention.
- Usage Model
Choose between Per Enabled User or Per Authentication. The usage model cannot be changed after the Multi-Factor Authentication Provider is created. For more information, refer to Option 3 in the How to Get Azure MFA section of the What is Azure Multi-factor Authentication documentation.
Select the subscription you want to have your authentications or enabled users to be billed to.
When done, click the Add button at the bottom of the blade.
You have now successfully created the MFA Provider.
Step 2 Download MFA Server
Double-click the MFA Provider you just created.
In the MFA Provider’s navigation menu, click Server Settings.
Click the Download link.
The Download page for Multi-Factor Authentication Server opens in a new tab, by default. Click the Download button on the page and save MultiFactorAuthenticationServerSetup.exe to disk.
Do not close the web browser, just yet.
Step 3 Install MFA Server
After you downloaded MultiFactorAuthenticationServerSetup.exe, open it.
Walk through the prerequisites and screens to install Multi-Factor Authentication Server.
In the Welcome screen, click Next >.
In the Activate screen, we need to enter the activation credentials. You generate the activation credentials in the Azure Portal, so let’s switch back to the Azure Portal in our web browser:
Click the Generate link.
This will show two more fields below the link, consisting of an e-mail address and a password. Copy these two values in the Multi-Factor Authentication Server’s Activate screen. Click Next > and close the browser screen.
In the Join Group screen, click Next >.
In the Enable Replication Between Servers screen, click Next >.
In the Select Applications screen, select the applications, services and protocols you want the Multi-Factor Authentication Server to provide. At least one application needs to be selected. Click Next > when done and walk through the steps to configure the application, protocol or service.
In the Finish screen, click Finish.
You have now successfully installed and configured Multi-Factor Authentication Server.
Many people I talked to about the transition of the old PhoneFactor Web Portal (PFWEB) and the old Microsoft Azure Management Portal to the new Azure Portal, were worried about not being able to select the Per Authentication licensing option, or reusing their previously configured MFA Provider settings.
The above steps show that all these options are still available.
Although Multi-Factor Authentication Server has been ‘renamed’ in the Azure Portal and the Microsoft Forums, the latest version of the product still refers to itself as the Windows Azure Multi-Factor Authentication Server… Let’s name it MFA Server, from now on.
Azure Multi-Factor Authentication is now in the new Azure Portal (in Public Preview)
Ten Things you need to know about Azure Multi-Factor Authentication Server
Azure Multi-Factor Authentication Server 18.104.22.168 with lots of improvements
Azure Multi-Factor Authentication features per license and implementation
Azure Multi-Factor Authentication Methods per Supported Protocol
Connecting to Azure MFA Server’s Web Service SDK using certificate authentication
Things to know about Billing for Azure MFA and Azure MFA Server
Supported Azure MFA Server Deployment Scenarios and their pros and cons