| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Two-step verification and AD FS - Azure MFA | Microsoft Docs |
This is the Azure Multi-Factor authentication page that describes how to get started with Azure MFA and AD FS. |
multi-factor-authentication |
kgremban |
femila |
yossib |
44fbba68-6cf9-46c1-a9df-736580b68ae3 |
multi-factor-authentication |
identity |
na |
na |
get-started-article |
08/25/2017 |
kgremban |
Getting started with Azure Multi-Factor Authentication and Active Directory Federation Services
If your organization has federated your on-premises Active Directory with Azure Active Directory using AD FS, there are two options for using Azure Multi-Factor Authentication.
- Secure cloud resources using Azure Multi-Factor Authentication or Active Directory Federation Services
- Secure cloud and on-premises resources using Azure Multi-Factor Authentication Server
The following table summarizes the verification experience between securing resources with Azure Multi-Factor Authentication and AD FS
| Verification Experience - Browser-based Apps | Verification Experience - Non-Browser-based Apps | |:--- |:--- |:--- | | Securing Azure AD resources using Azure Multi-Factor Authentication |
Caveats with app passwords for federated users:
- App passwords are verified using cloud authentication, so they bypass federation. Federation is only actively used when setting up an app password.
- On-premises Client Access Control settings are not honored by app passwords.
- You lose on-premises authentication-logging capability for app passwords.
- Account disable/deletion may take up to three hours for directory sync, delaying disable/deletion of app passwords in the cloud identity.
For information on setting up either Azure Multi-Factor Authentication or the Azure Multi-Factor Authentication Server with AD FS, see the following articles: