Integrating Azure MFA (YD1ADS01)
In this section, we integrate Azure MFA into our ADFS farm. We will customize and use this option in Chapter 8, Using Azure AD App Proxy and Web Application Proxy:
- First of all, we need to generate a certificate for Azure MFA on each server using the following cmdlet (the comment must sit on its own line, otherwise the assignment is commented out):
    # Replace the tenant ID with your value
    $certBase64 = New-AdfsAzureMfaTenantCertificate -TenantId 181031inovitdemos.onmicrosoft.com
- Next, we set the certificate as the new credential against the Azure Multi-Factor Auth client:
    # Connect to the MsolService with your global administrator rights
    Connect-MsolService
    # Create a new service principal credential; the AppPrincipalId is the hard-coded one for Azure MFA
    New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
- Now, we can configure the ADFS farm:
    Set-AdfsAzureMfaTenant -TenantId 181031inovitdemos.onmicrosoft.com -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720
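The three steps above, run end to end on one ADFS server as an added example (this script is not from the book): it generates the certificate, registers it, configures the tenant, and then checks what was actually created, which is the part an operator wants before trusting the farm with MFA. The tenant name is a placeholder to replace with your own; the `$cert` lookup assumes, as the cmdlet's documentation describes, that the generated certificate lands in the LocalMachine\My store with the tenant ID in its subject; `Get-AdfsAzureMfaConfigured` and `Restart-Service adfssrv` are standard ADFS administration calls the book's excerpt does not show.

```powershell
# Added example, not the book's own script. Run in an elevated PowerShell
# session on each ADFS server (certificate and credential steps), then the
# Set-AdfsAzureMfaTenant step on the primary server.
param(
    [string]$TenantId = 'contoso.onmicrosoft.com'   # placeholder: replace with your tenant
)

# Fixed application ID of the Azure Multi-Factor Auth client (same value as in the book)
$AzureMfaAppId = '981f26a1-7f43-403b-a875-f8b09b8cd720'

# Step 1: generate this server's Azure MFA certificate.
# Add -Renew $true here when rotating an existing certificate before it expires.
$certBase64 = New-AdfsAzureMfaTenantCertificate -TenantId $TenantId
if ([string]::IsNullOrEmpty($certBase64)) {
    throw "New-AdfsAzureMfaTenantCertificate returned nothing; check the ADFS module and permissions."
}

# Record thumbprint and expiry of the certificate that was just created, so the
# renewal date can be tracked (assumption: subject contains the tenant ID).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$TenantId*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if ($cert) {
    Write-Host ("Generated certificate {0}, valid until {1:yyyy-MM-dd}" -f $cert.Thumbprint, $cert.NotAfter)
}

# Step 2: register the certificate as a verify credential on the Azure MFA service principal.
Connect-MsolService   # prompts for a global administrator account
New-MsolServicePrincipalCredential -AppPrincipalId $AzureMfaAppId `
    -Type asymmetric -Usage verify -Value $certBase64

# Check what is now registered: every ADFS server contributes one credential,
# and stale ones from decommissioned servers should be removed, not left behind.
$registered = Get-MsolServicePrincipalCredential -AppPrincipalId $AzureMfaAppId -ReturnKeyValues $false
$valid = @($registered | Where-Object { $_.Type -eq 'Asymmetric' -and $_.EndDate -gt (Get-Date) })
Write-Host ("{0} asymmetric credential(s) registered, {1} still valid" -f @($registered).Count, $valid.Count)
$registered | Select-Object KeyId, Type, Usage, StartDate, EndDate | Format-Table -AutoSize

# Step 3: point the farm at the tenant (primary server), then restart the service
# so the configuration is loaded.
Set-AdfsAzureMfaTenant -TenantId $TenantId -ClientId $AzureMfaAppId
Restart-Service adfssrv

# Final check: the cmdlet reports whether Azure MFA is configured for this farm.
if (Get-AdfsAzureMfaConfigured) {
    Write-Host "Azure MFA is configured for tenant $TenantId"
} else {
    Write-Warning "Azure MFA is NOT reported as configured; review the steps above."
}
```

Keep the thumbprint and expiry output from step 1: the certificate is what authenticates the farm to the MFA service, so its expiry is an outage date for MFA if it is not renewed, and the list of registered credentials in step 2 is the place to spot credentials that no longer belong to a live server.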
...