Installing Multi-Factor Authentication Server with the new Portal Experience

Microsoft Azure Multi-Factor Authentication

Per this week, Azure Active Directory is no longer available in the ‘Old’ Portal experience. Previously, I’ve shared with you how to download, install and configure Microsoft’s on-premises Multi-Factor Authentication Server, while using the old Portal Experience. Now, let me show you how to download, install and configure it with the ‘New’ Portal.

In this blogpost, we’ll follow the Simple Deployment scenario.

 

Step 1 Create an MFA Provider

Log onto the Azure Portal.

In the left navigation menu, click Azure Active Directory.

In the navigation menu of your Azure AD tenant (just to the right of the main navigation menu) scroll down until you reach MFA Server in the SECURITY area.

Click MFA Server.

the MFA Server blade in the Azure Portal (click for original screenshot)

In the MFA Server blade, click on Providers in the feature’s navigation menu.

No Providers for MFA Server in the Azure Portal (click for original screenshot)

Click + Add.

Add a Provider for MFA Server in the Azure Portal (click for original screenshot)

In the Add Provider blade, fill in the values for:

  • Name
    This is the name for the Multi-factor Authentication Provider. This is only shown in the Azure Portal. Make sure to create a name that corresponds to your organization’s naming convention.
  • Usage Model
    Choose between Per Enabled User or Per Authentication. The usage model cannot be changed after the Multi-Factor Authentication Provider is created. For more information, refer to Option 3 in the How to Get Azure MFA section of the What is Azure Multi-factor Authentication documentation.
  • Subscription
    Select the subscription you want to have your authentications or enabled users to be billed to.

When done, click the Add button at the bottom of the blade.

You have now successfully created the MFA Provider.

 

Step 2 Download MFA Server

Double-click the MFA Provider you just created.

In the MFA Provider’s navigation menu, click Server Settings.

Server Settings for the MFA Provider in the Azure Portal (click for original screenshot)

Click the Download link.

The Download page for Multi-Factor Authentication Server opens in a new tab, by default. Click the Download button on the page and save MultiFactorAuthenticationServerSetup.exe to disk.

Do not close the web browser, just yet.

 

Step 3 Install MFA Server

After you downloaded MultiFactorAuthenticationServerSetup.exe, open it.
Walk through the prerequisites and screens to install Multi-Factor Authentication Server.

The Welcome screen of Multi-Factor Authentication Server version 7.3.0.3 (click for original screenshot)

In the Welcome screen, click Next >.

The Activate screen of Multi-Factor Authentication Server version 7.3.0.3 (click for original screenshot)

In the Activate screen, we need to enter the activation credentials. You generate the activation credentials in the Azure Portal, so let’s switch back to the Azure Portal in our web browser:

The Generate Credentials link in the MFA Provider feature in the Azure Portal (click for original screenshot)

Click the Generate link.

This will show two more fields below the link, consisting of an e-mail address and a password. Copy these two values in the Multi-Factor Authentication Server’s Activate screen. Click Next > and close the browser screen.

The Join Group screen of Multi-Factor Authentication Server version 7.3.0.3 (click for original screenshot)

In the Join Group screen, click Next >.

The Enable Replication Between Servers screen of Multi-Factor Authentication Server version 7.3.0.3 (click for original screenshot)

In the Enable Replication Between Servers screen, click Next >.

The Select Applications screen of Multi-Factor Authentication Server version 7.3.0.3 (click for original screenshot)

In the Select Applications screen, select the applications, services and protocols you want the Multi-Factor Authentication Server to provide. At least one application needs to be selected. Click Next > when done and walk through the steps to configure the application, protocol or service.

The Finish screen of Multi-Factor Authentication Server version 7.3.0.3 (click for original screenshot)

In the Finish screen, click Finish.

You have now successfully installed and configured Multi-Factor Authentication Server.

 

Concluding

Many people I talked to about the transition of the old PhoneFactor Web Portal (PFWEB) and the old Microsoft Azure Management Portal to the new Azure Portal, were worried about not being able to select the Per Authentication licensing option, or reusing their previously configured MFA Provider settings.

The above steps show that all these options are still available.

Although Multi-Factor Authentication Server has been ‘renamed’ in the Azure Portal and the Microsoft Forums, the latest version of the product still refers to itself as the Windows Azure Multi-Factor Authentication Server… Let’s name it MFA Server, from now on.

Further reading

Marching into the future of the Azure AD admin experience: retiring the Azure AD classic portal

Related blogposts

Azure Multi-Factor Authentication is now in the new Azure Portal (in Public Preview)
Ten Things you need to know about Azure Multi-Factor Authentication Server
Azure Multi-Factor Authentication Server 7.3.0.3 with lots of improvements
Azure Multi-Factor Authentication features per license and implementation
Azure Multi-Factor Authentication Methods per Supported Protocol
Connecting to Azure MFA Server’s Web Service SDK using certificate authentication
Things to know about Billing for Azure MFA and Azure MFA Server
Supported Azure MFA Server Deployment Scenarios and their pros and cons

4 Responses to Installing Multi-Factor Authentication Server with the new Portal Experience

  1.  

    Hi Sander,
    Are you going to write a new mfa installation article like you did on 4sysops site? That article describes every step beautifully!

    • There are some (minor) errors in those articles, but they remain correct. After I decided to write the mainstream articles on 4Sysops, I decided to branch out here on DirTeam. Looking at the list of related blogposts, there sure was more to tell…

      When Microsoft releases version 8, I might. 😉

       
  2.  

    Hi Sander,

    Great article mate.
    I’m working with a client on MFA Detailed Level Design document and would like to know if you have any preferred templates? Thank you

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.