Multi-Factor Authentication for On-Premises Exchange 2016

We are looking to implement Multifactor authentication for Exchange 2016 on premises. Can you please let me know what is best solution and how we can acheive it?
LVL 2
Muhammad AsifSenior Solutions ArchitectAsked:
Who is Participating?
 
TjnoNetwork AdministratorCommented:
We are using Duo for 2FA in owa and it is okay
0
 
ITguy565Commented:
This should help answer your question :

https://c7solutions.com/2015/01/exchange-owa-and-multi-factor-authentication

  • This configuration requires the following components set up:
  • Multi Factor Authentication set up in Azure
  • Azure Multi-Factor Authentication Server installed on-premises
  • Some users configured in Azure Multi-Factor Authentication Server
  • RRAS VPN server configured to use RADIUS for authentication, with the MFA server being the RADIUS endpoint
0
 
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi,

Thanks for your reply.  I do not want to use any cloud service. Can you provide me any third party products which are installed only on Premises Server?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
ITguy565Commented:
What specifically are you trying to secure with MFA?

When a user logs into outlook?
When a user Logs into OWA?

When a user logs into the network?


Is this going to apply just to VPN or remote users?
Is this going to apply to LAN users?

Please be specific.
0
 
ITguy565Commented:
@   13L@CK

DUO is a nice product, I have also used it in the past. The Push alerts that come to the iPhone are extremely nice for auth to VPN and to web based applications as well as firewall based applications.

I have never actually attempted to use it to provide 2FA to a LAN based application such as Microsoft Outlook. Is it possible to do so?
0
 
Pete LongTechnical ConsultantCommented:
I deployed Duo for RDweb/RDGateway (Today!) so I'd be surprised if there is not an Outlook Web Access option, not sure about Outlook though, but as modern Outlook uses EWS anyway I'm guessing it just works the same.
0
 
TjnoNetwork AdministratorCommented:
Not it works only on OWA
0
 
Pete LongTechnical ConsultantCommented:
:) Hiya - Yeah I had a look the documentation it only mentions OWA. Pity I do like Duo.
0
 
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi,

Yes, you guys are right. It only supports OWA, Not active Sync , EWS and outlook anyware.  I have found below very good article which explain that even office 365 is also not providing MFA for EWS and how it can be by pass.

https://practical365.com/exchange-server/exchange-web-services-bypass-multi-factor-authentication/
1
 
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi Guys,

Are you aware about any other product which provide 2FA for Outlook, EWS and OWA?
1
 
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi,

Can any one let me know any other app other than DUO?
0
 
TjnoNetwork AdministratorCommented:
There is another solution called SafeNet, I haven't never used it but some vendors introduce it to us. Hope these documents help!

https://www2.gemalto.com/sas/implementation-guides.html
Proposal-Safenet-Authentication-Ser.docx
sas-agent-owa-configuration-guide.pdf
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.