未加星标

Office 365 Multi-Factor Authentication requirements explained

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二05 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏
Short version

Multi-Factor Authentication(MFA) in Office 365 is dependent on Modern Authentication which is oAuth 2.0 via ADAL that authenticates the user inAzure AD

Longer version with links to deep dives What is MFA? Multi-Factor Authentication (MFA) in Office 365 requires Modern Authentication (oAuth2.0 + ADAL) to be enabled for the clients and services that are going to use MFA MFA, Two-step verification, is a method of authentication that requires more than one verification method combined with the Azure Authenticator App, SMSor phone call verification Read more here What is Modern Authentication? Modern Authentication is oAuth 2.0 used viaADAL to enable newer applications (Outlook, Word, OneNote, Skype for Businessand other Office applications) to authenticate to services such as Skype for Business, Exchange and SharePoint In Office 2013 march 2015 update and Office 2016, Modern Authentication is enabled by default and will use an in-application browser control to render the Azure AD sign-in experience Read more here What is oAuth? Open Authentication 2.0 (oAuth 2.0) is used as a component viaADAL as the web-based authorization flow between servers or clients and servers Read more here What is ADAL? Microsoft Azure Active Directory Authentication Library (ADAL) is a tool in the .NET framework that lets client applications authenticate users to Office 365 and Azure AD Read more here Two options are available for SSO with on-premises AD that requires Modern Authentication Pass Through Authentication (PTA) Works with Office 365 only Enabled on latest AADC with outbound connection only, no DMZ server Just set up several AADC and it is automatically loadbalanced resulting in low operational cost Does not store password in Azure AD, authenticates user in on-premises AD first and presents MFA after that if enabled In combination with password sync you are not dependent on AADC uptime Read more here and here ADFS 3.0 Used for hybrid Skype for Business and Exchange environments Skype for Business server Hybrid supports Modern Authentication, but will do NTLM authentication to on-premises AD and give MFA pop-up when authenticating to Exchange Online, read more here Exchange Server hybrid requires MFA Server, read more here For best Azure MFA result an Online only deployment is recommended ADFS is best for larger organizations More complex and requires proxy servers in DMZ with pubic IP and Certificate Requires loadbalancer for high-availability Is required when doing MFA with Smart Card, 3rd party tokens and certificate based authentication Read more here You can now use Microsoft Intune to control MFA options and turn of MFA for certain subnets and conditions, read more here Read about conditional access , MFA with Intune Hybrid and SCCM Use Azure AD Premium with automated password roll-over forbusiness social media profiles protected by a MFA enabled identity with centrally controlled delegation, read more here
Office 365 Multi-Factor Authentication requirements explained

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

主题: OfficeSkypeWord
分页:12
转载请注明
本文标题:Office 365 Multi-Factor Authentication requirements explained
本站链接:http://www.codesec.net/view/522279.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(44)