We help IT Professionals succeed at work.

365 MFA roll out problems and best practice

dougdog
dougdog asked
on
119 Views
Last Modified: 2018-11-20
advice on configuring and using 365 MFA
We are currently testing MFA
We have an issue where when a user changes their password or when they are getting prompted for MFA
Multiple Applications are popping up asking for MFA
sometimes the user gets so many prompts they are entering the wrong code
so when a password is changed or the policy is changed
outlook pops up looking MFA
Skype pops up looking MFA
SharePoint Online Pops up looking MFA
We are also using ADFS and sometimes the federated login can get in a loop asking users to sign in repeatedly
I seen an article about caching but i think this may be only related to MFA on prm server
Im just looking advice and best practice on getting MFA rolled out to all users with as little pain as possible
Comment
Watch Question

MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Have you enabled modern authentication for exchange online, skype for business?
Enable it and ensure that you will enable mfa only for those users who have latest office software installed like O365, office 2016 or 2013 sp1 with latest patches
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You can search experts-exchange.com for modern authentication and you will find lots post

Author

Commented:
looking to hear from people using it
why would it be popping up multiple times etc
how did people find implementing it
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
If u have not enabled modern authentication you will face issues after u enabling mfa
However modern authentication itself have its own requirements
Hence at start i asked you question.. But you didn't answered that
CERTIFIED EXPERT
Most Valuable Expert 2015
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
we have modern auth turned on for exchange and skype
does the caching work with cloud mfa or is it on prem mfa
was confused by the mfa server settings in the azure portal
CERTIFIED EXPERT
Most Valuable Expert 2015
Distinguished Expert 2019

Commented:
Works for both. The settings you should be looking at are the ones in the O365 portal: https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx?culture=en-US&BrandContextID=O365

Author

Commented:
we do use adfs
sometime i notice  outlook can get in a loop and keep prompting for codes
does caching work with the cloud though?
is it a good idea to remember devices and skip if users are federated
CERTIFIED EXPERT
Most Valuable Expert 2015
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions