Mark Minasi's Tech Forum
Wes (Senior Member, 208 posts) #1
We've started digging into the Enterprise Mobility Suite and there is a lot of cool stuff here!

The AAD domain join scenario is very interesting.  I am wondering if there's a way to leverage it to force Azure MFA for logins to a win2016 AAD-joined remote desktop session host.

The on-prem MFA server (which is a pretty clunky leftover from the PhoneFactor days that doesn't directly integrate with cloud MFA) won't directly protect Remote Desktop servers on 2012 R2 or 2016.  The only option is to hack it into functioning with Remote Desktop Gateway via RADIUS - no thanks.

Anyone know if the above is possible?
Thanks!
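As an added example (not part of Wes's post, and not Microsoft guidance), here is the PowerShell an admin would run while evaluating the two routes described above: confirming the session host really is Azure AD joined, registering the RADIUS peer on the NPS box that does credential validation for the MFA server, and making sure the gateway cannot be bypassed. The host names, addresses and the plain-text prompt for the shared secret are assumptions for illustration; which box needs the RADIUS client entry depends on your topology.

```powershell
# Added example, not from the forum thread. Names, addresses and the
# shared-secret handling are placeholders for illustration.

# 1. Is this session host actually Azure AD joined? dsregcmd /status prints
#    "Key : Value" lines; keep only the fields that decide the join state.
function Get-AadJoinState {
    $wanted = 'AzureAdJoined', 'DomainJoined', 'EnterpriseJoined', 'TenantName', 'DeviceAuthStatus'
    $state = [ordered]@{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$' -and $wanted -contains $Matches[1]) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$state
}

$join = Get-AadJoinState
$join | Format-List
if ($join.AzureAdJoined -ne 'YES') {
    Write-Warning 'Not Azure AD joined: nothing in the AAD join scenario applies to this host.'
}

# 2. The RADIUS route: whichever NPS server validates credentials for the MFA
#    server must know the upstream sender as a RADIUS client. Needs the NPS
#    module (Windows Server 2012 R2 or later). $radiusPeer is an assumption.
Import-Module NPS
$radiusPeer = '10.0.0.60'   # assumption: address of the MFA server (or RD Gateway) that sends RADIUS here
$secret     = Read-Host -Prompt 'RADIUS shared secret'   # plain prompt for brevity; use a secret store in practice
if (-not (Get-NpsRadiusClient | Where-Object { $_.Address -eq $radiusPeer })) {
    New-NpsRadiusClient -Name 'MFA-RADIUS-PEER' -Address $radiusPeer -SharedSecret $secret
}

# 3. MFA enforced at the gateway is bypassed if clients can reach the session
#    host on 3389 directly, so scope the built-in inbound Remote Desktop rules
#    to the gateway's address. $gatewayAddress is an assumption.
$gatewayAddress = '10.0.0.50'
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $gatewayAddress
```

Two things to keep in mind with the RADIUS route: the gateway's RADIUS request has to stay open while the user answers the push or phone call, so the RADIUS server timeout on the gateway side must be raised well above the default or slow approvals simply fail; and step 3 also restricts RDP shadowing and admin RDP to the gateway path, which is usually what you want but should be a deliberate choice.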
wobble_wobble (Associate Troublemaker Apprentice, 825 posts) #2
Wes - Nope, not yet.
Still trying to get time to look at it all, but it's all moving so fast now, it's getting a bit silly...
Especially with documentation so far behind!

__________________
Have you tried turning it off and walking away? The next person can fix it!
Wes (Senior Member, 208 posts) #3
Yeah, I find it hard to believe people are deploying this clunky PhoneFactor leftover on top of MFA.  Crappy experience for the end user, it seems to me.
Infradeploy (Senior Member, 166 posts) #4
The Azure Authenticator app isn't that bad. People end up using that rather than text messages.
__________________
Have SpaceSuit, Will Travel
Wes (Senior Member, 208 posts) #5
The Authenticator app is great.  Definitely don't want to be using SMS.  But that's not the issue...

The problem is that, with this whole separate on-prem Azure MFA Server setup, users not only have to register for MFA once in the cloud, but then they have to register AGAIN for "Azure MFA on-prem" - and that's only if you jump through all the hoops and extra infrastructure to set up the mobile web app stuff.  So users have to register twice... and I'm not even sure if the on-prem registration supports push or not.  Either way, it's way too clunky.