Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure your Infrastructure with Azure Multi-Factor Authentication Server Prabhat Nigam Golden Five Consulting.

Published by우민 순 Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure your Infrastructure with Azure Multi-Factor Authentication Server Prabhat Nigam Golden Five Consulting."— Presentation transcript:

1 Secure your Infrastructure with Azure Multi-Factor Authentication Server
Prabhat Nigam Golden Five Consulting

2 Prabhat Nigam CTO – Golden Five Consulting CEO - LAEXUG Foundation
18 years in IT | Worked for All IT Giants 3xMVP, Blogger, Speaker, Author, Father, Husband Blog: MSExchangeguru.com Website: GoldenFiveConsulting.com Phone: LinkedIn:

3 Agenda Identifying the Security Risk Security Options
Azure Multi-Factor Authentication Secure Your Infrastructure with Azure MFA

4 Security Analysis shared By Microsoft
160 million customer records compromised days between infiltration and detection 87% of senior managers admit using personal accounts for work 50% year over year growth in electronic data Ever-evolving industry standards across geographies

5 Recent Cyber Attacks My Doom A Virus which caused $38.5 Billion Financial damage Year 2016 witnessed frequent cyber-attacks Increased by 400 hundred percent Malware Attack nearly doubled billon Cesar Ransomware – Witnessed by me $18000 Ransom paid by Hospital in my city Ransomware or Crypto Virus or Crypto-Locker Chief of Police wrote this:

6 Reality Check of Cyber Attack
How many here has been experienced of cyber attack? Or Your Organization has been attacked. Let us check here.

7 Security Options No Internet DMZ VPN Enforce Paraphrase Password
MFA or Two Factor Authentication

8 Multi-Factor Authenticationoptions
OCTA MFA AWS MFA RSA Token Symantec VIP CA Advance authentication Duo Two Factor Authentication Eset Two Factor Authentication Azure MFA

9 Azure MFA Options There are two versions of Azure MFA
Office 365 version On-Premise version Azure Multi-Factor Authentication Server

10 Azure MFA O365 Version Conditions User 9/18/2018 8:42 AM
Location (IP range) Allow access Or Device state Enforce MFA per user/per app User group MFA Risk Block access © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Download Azure MFA Server
Login to Azure Add either of these licenses Azure Multi-Factor Authentication, Azure Active Directory Premium,  Enterprise Mobility Suite Enterprise Cloud Suite. Expand the Active Directory  Clicked on Configure browse down to “multi-factor Authentication”  Clicked on “Manage Service Settings” 4. Click on “Go to the Portal” 5. Click on Downloads then on Download

12 Applications Required to Secure Infrastructure
We need to deploy the following: On Premises Server 1 with the following: Active Directory Federation Services (ADFS) Azure Multi-Factor Authentication (AMFA) Server 2 with the following: Remote Desktop WEB (RDW) Remote Desktop Gateway (RDG) Network Policy Server (NPS) Web Application Proxy (WAP).

13 Configure Secure Office with Azure MFA 1
We need to configure the following: Obtain an SSL Cert with the private key Install & Configure Azure MFA Server Install & Configure ADFS. Also configure to use Azure MFA Install & Configure Web Application Proxy to connect to ADFS Server Install and Configure RDWeb, RDGateway and Network Policy Server for Radius pointing to Azure MFA Configure Azure MFA for Radius Server Configure Certificate at all the places.

14 Configure Secure Office with Azure MFA 2
Configure external dns for ADFS url to Point to WAP Server Point your RDWeb Portal and RDGateway DNS to the same WAP server. In ADFS configure the following: Add Relying party trusts for OWA and ECP and add claims. Add Non-Claims aware Relying party Trust in the ADFS server Add Office 365 relying party Trust and add claims. Configure WAP all the External URL except OWA/ECP Configure Exchange server for Azure MFA Configure Application for the RDWeb Portal Page.

15 Azure MFA Server Architecture
9/18/2018 8:42 AM Azure MFA Server Architecture MFA Allow access Or Azure AD and MFA Token server Block access User 4 RDWEB will send direct request to MFA Server Azure MFA Exchange Enforce MFA per user/per app 3 WAP |RDW|RDG 1 AD FS 2 AD DC © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Azure MFA Server: Known Issues
Twice MFA Prompt for MAC Users Expected behavior Work around is to add cache NPS Database Corruption Uninstall and Reinstall NPS, RDGateway Restart the server then reconfigure everything. OWA Showing Blank Page Configure OWA Redirection in IIS at “Default Web SiteOWAAuth” Unable to connect to the Master MFA server Add MFA computer object in “PhoneFactor Admins” Group membership Unable to Open Application on Non-IE Browsers Use correct parameter with the cmd Set-RDSessionCollectionConfiguration Thin PC Getting Certificate popup Add Certificate thumbprint using GPO

17 Takeaways Reasons to secure your Infrastructure?
Ways to Secure your Infrastructure? How can we Use Azure MFA to Secure whole Infrastructure Places to troubleshoot Azure MFA

18 References

19 Connect For More Twitter: @MSExchangeGuru @PrabhatNigamXHG
Facebook Group: Microsoft Exchange 2016 Microsoft Exchange Server 2019 YouTube: MSExchangeGuru Channel Yammer: Microsoft Exchange Server 2019 LinkedIn: Microsoft Exchange Server Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 User Groups: LAEXUG LACIUG LAEXUG_ALL_IT

20 Merci mulțumesc go raibh maith agat धन्यवाद σας ευχαριστώ Thank You

21

Download ppt "Secure your Infrastructure with Azure Multi-Factor Authentication Server Prabhat Nigam Golden Five Consulting."

Similar presentations

MIX 09 4/15/2017 11:14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

MIX 09 4/15/ :14 PM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or.
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

Secure Windows App Development. Authentication.

Secure Windows App Development. Authentication.
Browser Identity Provider Access Control Application.

Browser Identity Provider Access Control Application.
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks.
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or.
04 | Business Analyzer Brian Meier| Senior Lead Program Manager.

04 | Business Analyzer Brian Meier| Senior Lead Program Manager.

Office 365 Upsell Paths.

Office 365 Upsell Paths.
Identity; What you need to know to be in the Microsoft Cloud

Identity; What you need to know to be in the Microsoft Cloud
Active Directory Modernization Technical competitive comparison

Active Directory Modernization Technical competitive comparison
Microsoft Virtual Academy

Microsoft Virtual Academy
The time to address enterprise mobility is now

The time to address enterprise mobility is now
Deployment Planning Services

Deployment Planning Services
Deployment Planning Services

Deployment Planning Services
Azure AD Application Proxy

Azure AD Application Proxy
Virtual desktops in the cloud: Experiences from the field

Virtual desktops in the cloud: Experiences from the field
Introduction to Windows Azure AppFabric

Introduction to Windows Azure AppFabric

Similar presentations

Ads by Google