Comments on: Secure access to Office 365 with Active Directory Federation Service 2019 https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/ Practical Office 365 News, Tips, and Tutorials Sat, 25 Feb 2023 19:59:51 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Dominik https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-219543 Thu, 18 Jul 2019 19:44:55 +0000 https://www.practical365.com/?p=41921#comment-219543 In reply to Mark.

Hey Mark,

You can read this post about AD FS 2019, the configuration for primary auth: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/additional-authentication-methods-ad-fs

Tou your second question: AFAIK only OTP is available with AD FS 2016, but I have to test it with 2016 first as the blog is for 2019. I found the following statement in the above link:
“AD FS 2016 introduced Azure MFA as primary authentication so that OTP codes from the Authenticator App could be used as the first factor”

Hth,
Dominik

]]>
By: Mark https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-219542 Thu, 18 Jul 2019 19:33:52 +0000 https://www.practical365.com/?p=41921#comment-219542 Hello,

I implemented ADFS 2016 with Azure MFA. Now when I enable it, I can only provide a username and than the OTP from the Authenticator App. I’ve got two questions:

1. I want users to provide username and password first as the primary authentication method and after that, trigger MFA.
2. I want to use the Push Notification instead of entering the OTP.

Any ideas on how to configure this right?

]]>
By: Dominik https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-218468 Wed, 10 Jul 2019 16:47:54 +0000 https://www.practical365.com/?p=41921#comment-218468 In reply to Sumit.

You can use cert based authentication as primary auth method and sign in password-less.

Please have a look at my conference slides which are available at my blog for further information: Dominikhoefling.com

]]>
By: Dominik https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-218467 Wed, 10 Jul 2019 16:46:23 +0000 https://www.practical365.com/?p=41921#comment-218467 In reply to Kelvin Ng.

Yes, for Azure MFA P1 is needed. Or EMS E3 which includes P1.

]]>
By: Sumit https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-218072 Mon, 08 Jul 2019 13:21:05 +0000 https://www.practical365.com/?p=41921#comment-218072 I already have ADFS 2016 in place for authentication.

]]>
By: Sumit https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-218070 Mon, 08 Jul 2019 13:19:51 +0000 https://www.practical365.com/?p=41921#comment-218070 I would like to use ADFS certificate based authentication for any user authenticating for Office 365 services. If user’s machine have certificate installed provided by our CA then user should be given direct access to the service without asking for credentials. How can i achieve this?

]]>
By: Kelvin Ng https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-213792 Wed, 19 Jun 2019 09:31:09 +0000 https://www.practical365.com/?p=41921#comment-213792 Do I need to have Azure Active Directory Premium P1 or EMS E3 license to use MFA?

]]>
By: Dominik https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-212567 Sun, 09 Jun 2019 09:48:52 +0000 https://www.practical365.com/?p=41921#comment-212567 In reply to sankar.

Hi Sankar,

I would highly recommend to upgrade your AD FS infrastructure. All identity protection features are available starting with AD FS 2016+ (except MFA, that can be used with 2012 as well).

Best,
Dominik

]]>
By: sankar https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-212397 Fri, 07 Jun 2019 15:54:11 +0000 https://www.practical365.com/?p=41921#comment-212397 Hi

please let us know whether it supported on ADSFS 2012

]]>
By: Dominik https://practical365.com/secure-access-to-office-365-with-active-directory-federation-service-2019/#comment-196201 Mon, 25 Mar 2019 14:02:31 +0000 https://www.practical365.com/?p=41921#comment-196201 In reply to David.

Hi David,

it depends on either you want to enable MFA as primary or secondary authentication method. Azure MFA for secondary is automatically enabled.

Best,
Dominik

]]>