启用AAD的用户的本地MFA [英] On-Premises MFA for users with AAD enable

问题描述

我们通过AAD将具有Azure联合身份的2012 R2 AD通过密码同步和哈希通过AAD连接起来.我们想为用户启用本地MFA.为本地AD用户启用MFA的要求和最佳做法是什么?

We have 2012 R2 AD with Azure federation connected thru AAD with password sync and hash. We would like to enable on-premises MFA for users. What are the requirements and best practice to enable MFA for on-premises AD users?

Azure MFA已启用，但还需要本地MFA，这意味着当用户在工作中登录其台式机时，应每天早上提示他们进行MFA.

Azure MFA is enabled, but want on-premises MFA also, that means when users logged on to their desktops in work, they should be prompted for MFA everyday morning.

预先感谢您的帮助

Tek-Nerd

推荐答案

如果最终要求是在用户登录到桌面时强制MFA"，则返回否".则无法使用MFA服务器或Azure MFA.

If the final requirement is to "Enforce MFA when users are logging in to their desktops" then it is not possible using MFA server or Azure MFA.

MFA服务器可以在以下情况下使用:

MFA Server can be used in the following scenarios:

1)ADFS 2)RADIUS 3)LDAP 4)IIS 5)RDP

1) ADFS 2) RADIUS 3) LDAP 4) IIS 5) RDP 

您可以检查 doc 比较MFA服务器和Azure MFA.

You can check this doc for a comparison between the MFA server and Azure MFA.

已请求您正在寻找的功能

The feature you are looking for has been been requested here. I would suggest adding your scenario and upvoting this feature so that the product team can prioritize this feature.

这篇关于启用AAD的用户的本地MFA的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！