Enable MFA from Windows Server 2016


Problem description

Good morning, could you please help me with information about the MFA Azure configuration but not to enter the Azure console but to connect to a server by remote desktop.

The idea is to enter a server in Azure by remote desktop and ask us for double authentication.

Solution

Hi,

I'm pretty sure you need an RDP Gateway to use MFA on VMs in Azure.  However, this does add complexity and if your MFA provider is down (Azure MFA was down a few months ago for 12 hours!) then you won't be able to log in.

I completely get that this is to lock things down for security!  But my recommendation would be to use Security Centre with JIT (Just In Time) access to the VMs and keep MFA just for the portal.

JIT is basically a feature to temporarily add an NSG rule for RDP to the VM.  What this means is that when you're not using the VM, RDP is not enabled inbound and so there is no need for an extra security layer at these times.

Using the above moves the security management away from the VM (which is always nice) and if there are ever any issues with the MFA provider, you can still RDP to the VM.

But if you really want to use MFA for VMs then you'll need an RDP Gateway to support this (unless there has been an update that I'm not aware of).

Thanks,

Matt
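
The answer's point that RDP is closed inbound except while a JIT rule is present can be checked against an exported NSG. The following is an added example, not part of the original answer: a simplified first-match-by-priority evaluation of NSG rules, assuming the field names of `az network nsg show` output. The rule names and addresses are constructed, and Azure's default VNet and load balancer allow rules are not modelled.

```python
import ipaddress

def _port_matches(spec, port):
    """True if an NSG port spec ('*', '3389', '3000-4000') covers port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_matches(prefix, src_ip):
    """True if an NSG source prefix ('*', 'Internet', CIDR or single IP) covers src_ip."""
    if prefix in ("*", "Internet"):  # assumption: the caller is an internet source
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # other service tags (e.g. VirtualNetwork) are not modelled
        return False

def rdp_allowed(rules, src_ip, port=3389):
    """Return (allowed, rule_name); the lowest-priority-number matching rule wins."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        ports = r.get("destinationPortRanges") or [r["destinationPortRange"]]
        sources = r.get("sourceAddressPrefixes") or [r["sourceAddressPrefix"]]
        if (r["protocol"].lower() in ("*", "tcp")
                and any(_port_matches(p, port) for p in ports)
                and any(_source_matches(s, src_ip) for s in sources)):
            return r["access"] == "Allow", r["name"]
    # No custom rule matched: internet traffic falls through to the default deny.
    return False, "DenyAllInBound (default)"

# Constructed sample rules: the NSG while no JIT request is active.
BASELINE = [
    {"name": "deny-rdp", "priority": 1000, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-https", "priority": 1100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
]
# Constructed: the temporary allow rule present during an approved JIT window.
JIT_WINDOW = BASELINE + [
    {"name": "jit-allow-rdp", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "3389"},
]

if __name__ == "__main__":
    for label, rules in (("no request", BASELINE), ("JIT window", JIT_WINDOW)):
        for src in ("203.0.113.10", "198.51.100.7"):
            print(label, src, rdp_allowed(rules, src))
```

Running the same check on a schedule against the real export flags an RDP allow rule that outlives its JIT window or is scoped to `*` instead of the requester's address.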

