Avatar of Jerry Seinfield
Jerry Seinfield
 asked on

MFA in Azure for a hybrid org

Hello Experts,

I would like to get your thoughts about implementing MFA in Azure for a Hybrid Organization [Azure- AD on-prem].

Id like to see the options for two and three factor and understand if we can choose our own combinations (Captcha, Text to Phone, Alternate email).

Can you please provide a brief explanation of all my different choices, and a nice graph or pic of each representation ? Please, do not only attach MS links on how to deploy MFA, and a single copy/paste?

PROS and CONS of each model to be implemented? Any gotchas on each option?

Thanks in advance
AzureActive DirectoryConsultingSecurity

Avatar of undefined
Last Comment

8/22/2022 - Mon
Vasil Michev (MVP)

Two-factor is the maximum you can get, and users have control over which method to use with Azure MFA. With the on-prem version you get the option to control which method they can use, but you are still limited to two-factor, that's including any other AD FS based 2FAs.

The methods you can choose from are phone call, SMS or using the app (and using a token in the on-prem version, you can also use SMS+PIN). There are no built-in methods to use a captcha or email address, but you can use the API to create such if needed.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck