Question

Will Fulmer on Tue, 26 Jan 2016 13:54:45


For a company that already has an Azure Multi-Factor Authentication Server deployed on-premises (on-prem) and fully into production - is there a way to migrate these accounts and settings/tokens, etc to the Azure MFA Cloud portion?

Is there a documented migration path or is this a new/parallel deployment?

Thanks
Will


Sponsored



Replies

Brian Desmond on Tue, 26 Jan 2016 15:33:47


Will-

There isn't feature parity between the two offerings today. For example, OATH tokens aren't supported in a pure cloud solution. Likewise RADIUS and LDAP authentication aren't possible without the on-premises MFA Server.

You can however copy phone numbers to AAD with AAD Connect or a script. You'll be able to populate the office and mobile phone number fields which MFA will use in the cloud. If the authentication phone number field is populated, though, these will be ignored.

Users will need to reactivate the mobile app - there is no way to migrate that.

Will Fulmer on Tue, 26 Jan 2016 16:15:08


Thanks,

On another note, if a company was using Azure Multi-Factor Authentication on-premises for VPN, Citrix NetScaler auth, amongst others (RADIUS & LDAP) - and there is an initiative to move to Office 365 - is it safe to assume that an MFA Cloud server is required for those users authenticating?

Will

Brian Desmond on Tue, 26 Jan 2016 16:17:02


Thanks,

On another note, if a company was using Azure Multi-Factor Authentication on-premises for VPN, Citrix NetScaler auth, amongst others (RADIUS & LDAP) - and there is an initiative to move to Office 365 - is it safe to assume that an MFA Cloud server is required for those users authenticating?

Will

Will-

It's going to depend on how your users AuthN to Azure AD (Office365). If you are using AD FS, you can integrate AD FS with your existing on-premises MFA Server deployment. If you are not, then you can use the Azure-based MFA experience. You can use the Azure-based MFA experience even if you're using AD FS, but, your users may need to re-register depending on how you set things up, plus you'll lose things like OATH tokens. 

Will Fulmer on Tue, 26 Jan 2016 16:18:25


Thank you!