Multi-Factor Authentication for On-Premises Exchange 2016

We are looking to implement Multifactor authentication for Exchange 2016 on premises. Can you please let me know what is best solution and how we can acheive it?
LVL 2
Muhammad AsifSenior Solutions ArchitectAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ITguy565Commented:
This should help answer your question :

https://c7solutions.com/2015/01/exchange-owa-and-multi-factor-authentication

  • This configuration requires the following components set up:
  • Multi Factor Authentication set up in Azure
  • Azure Multi-Factor Authentication Server installed on-premises
  • Some users configured in Azure Multi-Factor Authentication Server
  • RRAS VPN server configured to use RADIUS for authentication, with the MFA server being the RADIUS endpoint
0
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi,

Thanks for your reply.  I do not want to use any cloud service. Can you provide me any third party products which are installed only on Premises Server?
0
ITguy565Commented:
What specifically are you trying to secure with MFA?

When a user logs into outlook?
When a user Logs into OWA?

When a user logs into the network?


Is this going to apply just to VPN or remote users?
Is this going to apply to LAN users?

Please be specific.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

DP230Network AdministratorCommented:
We are using Duo for 2FA in owa and it is okay
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ITguy565Commented:
@   13L@CK

DUO is a nice product, I have also used it in the past. The Push alerts that come to the iPhone are extremely nice for auth to VPN and to web based applications as well as firewall based applications.

I have never actually attempted to use it to provide 2FA to a LAN based application such as Microsoft Outlook. Is it possible to do so?
0
Pete LongTechnical ConsultantCommented:
I deployed Duo for RDweb/RDGateway (Today!) so I'd be surprised if there is not an Outlook Web Access option, not sure about Outlook though, but as modern Outlook uses EWS anyway I'm guessing it just works the same.
0
DP230Network AdministratorCommented:
Not it works only on OWA
0
Pete LongTechnical ConsultantCommented:
:) Hiya - Yeah I had a look the documentation it only mentions OWA. Pity I do like Duo.
0
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi,

Yes, you guys are right. It only supports OWA, Not active Sync , EWS and outlook anyware.  I have found below very good article which explain that even office 365 is also not providing MFA for EWS and how it can be by pass.

https://practical365.com/exchange-server/exchange-web-services-bypass-multi-factor-authentication/
1
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi Guys,

Are you aware about any other product which provide 2FA for Outlook, EWS and OWA?
1
Muhammad AsifSenior Solutions ArchitectAuthor Commented:
Hi,

Can any one let me know any other app other than DUO?
0
DP230Network AdministratorCommented:
There is another solution called SafeNet, I haven't never used it but some vendors introduce it to us. Hope these documents help!

https://www2.gemalto.com/sas/implementation-guides.html
Proposal-Safenet-Authentication-Ser.docx
sas-agent-owa-configuration-guide.pdf
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.