none
Exchange 2016 MFA - Using Azure MFA? RRS feed

  • Question

  • Hoping someone could answer a question for me.

    If I have a on prem Exchange server, 2016 for example, does anyone know this server can be secured with Azure MFA? For example could sign-ins to OWA, EWS, ECP etc. request a 2FA. In this example, this a standalone Exchange deployment with no hybrid connection to O365.

    I have tried and tested successfully securing on prem RDS deployment with MFA, but this method uses Network Policy Server and only secures the RD gateway. The RDWeb component is not secure by MFA.

    I also see that Azure MFA server is deprecated as of July 2019 and Azure Cloud MFA is recommended and what I'm asking seemed to be possible within it. I cannot find any detailed documentation on how to secure on prem Exchange without having a Hybrid environment, ADFS and WAP with Hybrid Modern Auth on.

    Any advice would be greatly appreciated.

    Thursday, July 18, 2019 2:25 PM

Answers

  • You need to deploy Exchange hybrid to use Hybrid Modern Auth (HMA)

    That was stated here:

    https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Released-June-2019-Quarterly-Exchange-Updates/ba-p/698398

    Future support of Modern Authentication in on-premises Exchange

    Over the past couple of years, you have seen us deliver Modern Authentication to Exchange when running a hybrid organization.  The usual follow-on question from a handful of customers has been, “When will modern authentication be supported in non-hybrid environments?”  Our response was typically something along the lines of, “We’re looking into it.”  While that statement was true and accurate, after much deliberation we have come to the decision that this capability in on-premises Exchange server will no longer be pursued.  Our investments in Modern Authentication will be restricted to those with hybrid deployments.  We know this will be a disappointment for some customers but we wanted to make certain you were aware of this change in strategy.


    Cheers,

    Rhoderick

    Microsoft Senior Exchange PFE

    Blog: http://blogs.technet.com/rmilne  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, July 19, 2019 1:17 PM

All replies

  • Hi timreece,

    Per my knowledge, no, Azure MFA is not supported for a pure Exchange on-premise environment. 

    Here is a similar thread has been discussed in Azure MFA forum: 

    Azure MFA server for Exchange 2013/2016 OWA

    I also recommend you ask this in Azure MFA forum to confirm further.


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com

    Friday, July 19, 2019 6:48 AM
    Moderator
  • You need to deploy Exchange hybrid to use Hybrid Modern Auth (HMA)

    That was stated here:

    https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Released-June-2019-Quarterly-Exchange-Updates/ba-p/698398

    Future support of Modern Authentication in on-premises Exchange

    Over the past couple of years, you have seen us deliver Modern Authentication to Exchange when running a hybrid organization.  The usual follow-on question from a handful of customers has been, “When will modern authentication be supported in non-hybrid environments?”  Our response was typically something along the lines of, “We’re looking into it.”  While that statement was true and accurate, after much deliberation we have come to the decision that this capability in on-premises Exchange server will no longer be pursued.  Our investments in Modern Authentication will be restricted to those with hybrid deployments.  We know this will be a disappointment for some customers but we wanted to make certain you were aware of this change in strategy.


    Cheers,

    Rhoderick

    Microsoft Senior Exchange PFE

    Blog: http://blogs.technet.com/rmilne  Twitter:   LinkedIn:   Facebook:   XING:

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, July 19, 2019 1:17 PM