Azure MFA Server (on-prem) AD FS setup

Hi,
I am just looking to set up Azure MFA Server. I would like all users to require MFA when accessing https://login.microsoftonline.com from an external network and not when in the office. How would I enable this?

Current Server Setup
2x WAP in DMZ (Server 2016)
2x ADFS (Server 2016)
2x MFA (Server 2016)

I have installed the MFA ADFS adapter on the two ADFS servers.
My domain is federated with Office 365.
Ben S Asked:
 
Vasil Michev (MVP) Commented:
If you have already installed the MFA server and the AD FS adapter, Azure MFA should be listed as an available option for performing additional authentication. You can either enable one of the pre-defined settings (based on group membership, network location, device) or use custom claims rules to force MFA when needed. Here's an article on that: https://blogs.technet.microsoft.com/bulentozkir/2016/05/01/office-365-customers-who-have-adfs-installed-can-do-simple-filtered-mfa-using-adfs-claim-rules/
0
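
A custom claims rule of the kind the answer above mentions, as an added example that is not part of the original thread or the linked article: it requires MFA on the Office 365 relying party only for requests that arrive from outside the corporate network. It assumes the trust has the default display name, uses claim rules rather than an access control policy template, and that the backup file path (a name chosen here) is acceptable.

```powershell
# Added example; run in an elevated session on the primary AD FS server.
Import-Module ADFS

# Assumption: default display name of the Office 365 relying party trust.
$rpName = 'Microsoft Office 365 Identity Platform'

# AD FS sets insidecorporatenetwork to "false" for requests that come in
# through the Web Application Proxy. Issuing the multipleauthn
# authentication-method claim tells AD FS to demand additional authentication.
$mfaRule = @'
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# The rule has no effect unless an additional authentication provider
# (here, the MFA Server adapter) is enabled in the global policy.
$providers = (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
if (-not $providers) {
    throw 'No additional authentication provider is enabled; enable the MFA adapter first.'
}

# Save the existing rules so the change can be rolled back.
# The file name is hypothetical, chosen for this example.
$backup = Join-Path $env:TEMP 'o365-additional-auth-rules.bak.txt'
"$($rp.AdditionalAuthenticationRules)" | Out-File -FilePath $backup -Encoding utf8

Set-AdfsRelyingPartyTrust -TargetName $rpName -AdditionalAuthenticationRules $mfaRule

# Read the rule back to confirm what is now in force.
(Get-AdfsRelyingPartyTrust -Name $rpName).AdditionalAuthenticationRules
```

After applying it, sign in once from the office and once from an external network and check that only the external sign-in is prompted for MFA.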
 
Mahesh Architect Commented:
In Azure MFA advanced settings, enter all your corporate public IPs under "trusted IPs".

Then configure Azure Conditional Access policies, which will enforce MFA when a request comes from external IPs outside your corporate network. The trusted IPs you set earlier should go in as an exception so that internal users will bypass MFA.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal-get-started

You do need Azure AD Premium P1 / P2 licenses for this feature to work. These licenses are part of EMS or can be purchased separately.
0
 
Ben S Author Commented:
Hi Mahesh,

I'm using the on-prem version of MFA, do I need to change any settings on the local install?
0
Question has a verified solution.
