Category Archives: Multi-Factor Authentication

TODO: Migrate from Azure MFA Server to Azure multi-factor authentication

This week, Microsoft made available guidance to migrate from Azure MFA Server to Azure multi-factor authentication (Azure MFA). While Microsoft officially still supports its on-premises Azure MFA Server product, the reality for organizations using MFA Server for multi-factor authentication purposes is harsh: Since MFA Server 8, released on April 10, 2018. MFA registration for the […]

0  

Multi-Factor Authentication Server version 8.0.6.1 fixes an issue on Slave Servers

Roughly 6 months ago, on August 25th 2020, we saw the release of Microsoft Multi-factor Authentication Server (MFA Server) version 8.0.5.1. Now it’s time for an update to Microsoft’s product that allows organization to add multi-factor authentication to RADIUS-, AD FS-, IIS-based and other on-premises authentication scenarios. This week, Microsoft released version 8.0.6.1. What’s New […]

0  

KnowledgeBase: Some users receive an "We're sorry, we ran into a problem" error when registering Azure MFA

Today, Raymond and I troubleshooted an issue for several people who received the ‘Sorry, we ran into a problem’ error when trying to register their security information. As is our mutual expectation, I decided to document the issue. When you run into the same situation, you might find it helpful.   The situation An Azure […]

1  

The Azure MFA SDK stops working today

Requiring multi-factor authentication for on-premises Microsoft resources has been a difficult challenge, ever since Microsoft acquired PhoneFactor in 2012 and slowly but steadily turned its technologies into Azure MFA. Today, we’re reaching the end of the line for one of the intermediate multi-factor authentication solutions: the Azure MFA SDK. About the Azure MFA SDK The […]

0  

TODO: Migrate off the ‘Skip multi-factor authentication for requests from federated users on my intranet’ settings

Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown hot to move from per-user MFA to Conditional Access, Move from MFA Trusted IPs to Conditional Access Named Locations and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today […]

2  

Azure Multi-Factor Authentication Server 8.0.5.1 is here

Roughly 6 months ago, on February 26th, 2020, we saw the release of Microsoft Multi-factor Authentication Server (MFA Server) version 8.0.4. Now it’s time for an update to Microsoft’s product that allows organization to add multi-factor authentication to RADIUS-, AD FS-, IIS-based and other on-premises authentication scenarios. This week, Microsoft released version 8.0.5.1.   What’s […]

0  

Getting to know the devices that people in your organization use App Passwords on

On this blog, and in several other places, I’ve shared my experiences with Azure Multi-Factor Authentication. In the early days of Azure MFA, a lot of organizations, a lot of client applications and a lot of 3rd party services were not able to perform multi-factor authentication. For these situations, Microsoft provided the App Passwords functionality. […]

0  

KnowledgeBase: Users receive an error when registering MFA when Security Defaults are enabled and the mobile app verification options are disabled

Organizations are still using settings in the old PhoneFactor Multi-factor Authentication portal. However, with the new Security Defaults functionality, they may hurt themselves by locking out users, after the 14-day grace period for registering multi-factor authentication expires.   About the PhoneFactor verification options The old PhoneFactor Multi-factor Authentication portal experience is a remnant of Microsoft […]

1  

TODO: Move from MFA Trusted IPs to Conditional Access Named Locations

Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown hot to move from per-user MFA to Conditional Access and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today let’s tackle a third configuration item: PhoneFactor’s Trusted IPs. The […]

0  

HOWTO: Delete your Windows Hello for Business Registrations

Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices. When you’ve got it working the way you want it to work, it’ll work flawlessly. But, there are situation where you can’t get it to work the way you want, it stops working the way you want, or […]

0