Question

"We can secure web apps that are published through Azure AD Application Proxy by using MFA Server on-premises" This statement is correct ?

Answer

理解Azure AD Application Proxy

Azure AD Application Proxy是Azure Active Directory的一个功能,允许用户从远程客户端访问本地web应用。Azure MFA Server(本地部署)是一个解决方案,允许组织为本地应用实施多因素身份验证。

集成Azure

我在探究是否可以将本地MFA服务器与Azure AD Application Proxy结合使用时发现,Azure AD Application Proxy只支持云端Azure MFA,因此本地MFA服务器不兼容。

Answer

No, the statement is incorrect. You cannot secure web applications published through Azure AD Application Proxy using the on-premises MFA Server. Azure AD Application Proxy leverages Azure AD for authentication and supports Azure Multi-Factor Authentication (MFA) in the cloud. The on-premises MFA Server cannot integrate with Azure AD Application Proxy because it is designed for on-premises applications and does not support the cloud-based authentication flow used by the proxy.

Moreover, Microsoft has deprecated the on-premises MFA Server, encouraging organizations to migrate to Azure MFA in the cloud. Therefore, to secure web apps published via Azure AD Application Proxy, you should use Azure MFA (cloud-based) instead of the on-premises MFA Server.

Answer: No; Azure AD Application Proxy requires cloud-based Azure MFA and cannot use on-premises MFA Server.

Share this Q&A