# User portal for the Azure Multi-Factor Authentication Server
18
+
# User portal for the Azure AD Multi-Factor Authentication Server
19
19
20
-
The user portal is an IIS web site that allows users to enroll in Azure Multi-Factor Authentication (MFA) and maintain their accounts. A user may change their phone number, change their PIN, or choose to bypass two-step verification during their next sign-on.
20
+
The user portal is an IIS web site that allows users to enroll in Azure AD Multi-Factor Authentication (MFA) and maintain their accounts. A user may change their phone number, change their PIN, or choose to bypass two-step verification during their next sign-on.
21
21
22
22
Users sign in to the user portal with their normal username and password, then either complete a two-step verification call or answer security questions to complete their authentication. If user enrollment is allowed, users configure their phone number and PIN the first time they sign in to the user portal.
23
23
24
24
User portal Administrators may be set up and granted permission to add new users and update existing users.
25
25
26
-
Depending on your environment, you may want to deploy the user portal on the same server as Azure Multi-Factor Authentication Server or on another internet-facing server.
26
+
Depending on your environment, you may want to deploy the user portal on the same server as Azure AD Multi-Factor Authentication Server or on another internet-facing server.
27
27
28
28
> [!IMPORTANT]
29
-
> As of July 1, 2019, Microsoft no longer offers MFA Server for new deployments. New customers that want to require multi-factor authentication (MFA) during sign-in events should use cloud-based Azure AD Multi-Factor Authentication.
30
-
>
29
+
> In September 2022, Microsoft announced deprecation of Azure AD Multi-Factor Authentication Server. Beginning September 30, 2024, Azure AD Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users’ authentication data](how-to-migrate-mfa-server-to-azure-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).
30
+
31
31
> To get started with cloud-based MFA, see [Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication](tutorial-enable-azure-mfa.md).
32
-
>
33
-
> Existing customers that activated MFA Server before July 1, 2019 can download the latest version, future updates, and generate activation credentials as usual.
34
32
35
-

33
+
34
+

36
35
37
36
> [!NOTE]
38
37
> The user portal is only available with Multi-Factor Authentication Server. If you use Multi-Factor Authentication in the cloud, refer your users to the [Set-up your account for two-step verification](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc) or [Manage your settings for two-step verification](https://support.microsoft.com/account-billing/change-your-two-step-verification-method-and-settings-c801d5ad-e0fc-4711-94d5-33ad5d4630f7).
39
38
40
39
## Install the web service SDK
41
40
42
-
In either scenario, if the Azure Multi-Factor Authentication Web Service SDK is **not** already installed on the Azure Multi-Factor Authentication (MFA) Server, complete the steps that follow.
41
+
In either scenario, if the Azure AD Multi-Factor Authentication Web Service SDK is **not** already installed on the Azure AD Multi-Factor Authentication (MFA) Server, complete the steps that follow.
43
42
44
43
1. Open the Multi-Factor Authentication Server console.
45
44
2. Go to the **Web Service SDK** and select **Install Web Service SDK**.
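Review bot: The added deprecation notice (new line 29) uses "Azure MFA service", "Azure MFA Server update" and "Azure MFA Server Migration" and spells "multifactor" without the hyphen, while every other added line in this change moves to "Azure AD Multi-Factor Authentication". Pick one form for the notice, and apply the same pass to the unchanged NOTE ("only available with Multi-Factor Authentication Server") and to step 1 ("Open the Multi-Factor Authentication Server console"), which still carry the unprefixed name. The notice also replaces the July 1, 2019 text, so the statement that MFA Server is no longer offered for new deployments drops off the page; consider keeping one sentence for it.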
@@ -52,18 +51,18 @@ The Web Service SDK must be secured with a TLS/SSL certificate. A self-signed ce
52
51
53
52

54
53
55
-
## Deploy the user portal on the same server as the Azure Multi-Factor Authentication Server
54
+
## Deploy the user portal on the same server as the Azure AD Multi-Factor Authentication Server
56
55
57
-
The following pre-requisites are required to install the user portal on the **same server** as the Azure Multi-Factor Authentication Server:
56
+
The following pre-requisites are required to install the user portal on the **same server** as the Azure AD Multi-Factor Authentication Server:
58
57
59
58
* IIS, including ASP.NET, and IIS 6 meta base compatibility (for IIS 7 or higher)
60
59
* An account with admin rights for the computer and Domain if applicable. The account needs permissions to create Active Directory security groups.
61
60
* Secure the user portal with a TLS/SSL certificate.
62
-
* Secure the Azure Multi-Factor Authentication Web Service SDK with a TLS/SSL certificate.
61
+
* Secure the Azure AD Multi-Factor Authentication Web Service SDK with a TLS/SSL certificate.
63
62
64
63
To deploy the user portal, follow these steps:
65
64
66
-
1. Open the Azure Multi-Factor Authentication Server console, click the **User Portal** icon in the left menu, then click **Install User Portal**.
65
+
1. Open the Azure AD Multi-Factor Authentication Server console, click the **User Portal** icon in the left menu, then click **Install User Portal**.
67
66
2. Complete the install using the defaults unless you need to change them for some reason.
68
67
3. Bind a TLS/SSL Certificate to the site in IIS
69
68
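Review bot: In the same-server prerequisites, "The following pre-requisites are required" (new line 56) is redundant, and the two "Secure ... with a TLS/SSL certificate" bullets are phrased as actions rather than prerequisites. Since the sentence and one bullet are being edited anyway, suggest "The following prerequisites apply" and bullets that name the thing required, for example "A TLS/SSL certificate for the user portal". Step 3 ("Bind a TLS/SSL Certificate to the site in IIS") is also missing its closing period.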
@@ -78,20 +77,20 @@ If you have questions about configuring a TLS/SSL Certificate on an IIS server,
78
77
79
78
## Deploy the user portal on a separate server
80
79
81
-
If the server where Azure Multi-Factor Authentication Server is running is not internet-facing, you should install the user portal on a **separate, internet-facing server**.
80
+
If the server where Azure AD Multi-Factor Authentication Server is running is not internet-facing, you should install the user portal on a **separate, internet-facing server**.
82
81
83
82
If your organization uses the Microsoft Authenticator app as one of the verification methods, and want to deploy the user portal on its own server, complete the following requirements:
84
83
85
-
* Use v6.0 or higher of the Azure Multi-Factor Authentication Server.
84
+
* Use v6.0 or higher of the Azure AD Multi-Factor Authentication Server.
86
85
* Install the user portal on an internet-facing web server running Microsoft internet Information Services (IIS) 6.x or higher.
87
86
* When using IIS 6.x, ensure ASP.NET v2.0.50727 is installed, registered, and set to **Allowed**.
88
87
* When using IIS 7.x or higher, IIS, including Basic Authentication, ASP.NET, and IIS 6 meta base compatibility.
89
88
* Secure the user portal with a TLS/SSL certificate.
90
-
* Secure the Azure Multi-Factor Authentication Web Service SDK with a TLS/SSL certificate.
91
-
* Ensure that the user portal can connect to the Azure Multi-Factor Authentication Web Service SDK over TLS/SSL.
92
-
* Ensure that the user portal can authenticate to the Azure Multi-Factor Authentication Web Service SDK using the credentials of a service account in the "PhoneFactor Admins" security group. This service account and group should exist in Active Directory if the Azure Multi-Factor Authentication Server is running on a domain-joined server. This service account and group exist locally on the Azure Multi-Factor Authentication Server if it is not joined to a domain.
89
+
* Secure the Azure AD Multi-Factor Authentication Web Service SDK with a TLS/SSL certificate.
90
+
* Ensure that the user portal can connect to the Azure AD Multi-Factor Authentication Web Service SDK over TLS/SSL.
91
+
* Ensure that the user portal can authenticate to the Azure AD Multi-Factor Authentication Web Service SDK using the credentials of a service account in the "PhoneFactor Admins" security group. This service account and group should exist in Active Directory if the Azure AD Multi-Factor Authentication Server is running on a domain-joined server. This service account and group exist locally on the Azure AD Multi-Factor Authentication Server if it is not joined to a domain.
93
92
94
-
Installing the user portal on a server other than the Azure Multi-Factor Authentication Server requires the following steps:
93
+
Installing the user portal on a server other than the Azure AD Multi-Factor Authentication Server requires the following steps:
95
94
96
95
1.**On the MFA Server**, browse to the installation path (Example: C:\Program Files\Multi-Factor Authentication Server), and copy the file **MultiFactorAuthenticationUserPortalSetup64** to a location accessible to the internet-facing server where you will install it.
97
96
2.**On the internet-facing web server**, run the MultiFactorAuthenticationUserPortalSetup64 install file as an administrator, change the Site if desired and change the Virtual directory to a short name if you would like.
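Review bot: The sentence that introduces the separate-server requirements, left unchanged in this hunk, reads "If your organization uses the Microsoft Authenticator app as one of the verification methods, and want to deploy"; it needs "wants", and the IIS bullet below it has "Microsoft internet Information Services" with a lowercase "internet". The neighbouring bullets are being edited, so fix both in this pass. Leaving the "PhoneFactor Admins" group name and the MultiFactorAuthenticationUserPortalSetup64 file name untouched is right, since both are literals.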
@@ -113,11 +112,11 @@ Installing the user portal on a server other than the Azure Multi-Factor Authent
113
112
114
113
If you have questions about configuring a TLS/SSL Certificate on an IIS server, see the article [How to Set Up SSL on IIS](/iis/manage/configuring-security/how-to-set-up-ssl-on-iis).
115
114
116
-
## Configure user portal settings in the Azure Multi-Factor Authentication Server
115
+
## Configure user portal settings in the Azure AD Multi-Factor Authentication Server
117
116
118
-
Now that the user portal is installed, you need to configure the Azure Multi-Factor Authentication Server to work with the portal.
117
+
Now that the user portal is installed, you need to configure the Azure AD Multi-Factor Authentication Server to work with the portal.
119
118
120
-
1. In the Azure Multi-Factor Authentication Server console, click the **User Portal** icon. On the Settings tab, enter the URL to the user portal in the **User Portal URL** textbox. If email functionality has been enabled, this URL is included in the emails that are sent to users when they are imported into the Azure Multi-Factor Authentication Server.
119
+
1. In the Azure AD Multi-Factor Authentication Server console, click the **User Portal** icon. On the Settings tab, enter the URL to the user portal in the **User Portal URL** textbox. If email functionality has been enabled, this URL is included in the emails that are sent to users when they are imported into the Azure AD Multi-Factor Authentication Server.
121
120
2. Choose the settings that you want to use in the User Portal. For example, if users are allowed to choose their authentication methods, ensure that **Allow users to select method** is checked, along with the methods they can choose from.
122
121
3. Define who should be Administrators on the **Administrators** tab. You can create granular administrative permissions using the checkboxes and dropdowns in the Add/Edit boxes.
123
122
@@ -129,7 +128,7 @@ Optional configuration:
129
128
130
129

131
130
132
-
Azure Multi-Factor Authentication server provides several options for the user portal. The following table provides a list of these options and an explanation of what they are used for.
131
+
Azure AD Multi-Factor Authentication server provides several options for the user portal. The following table provides a list of these options and an explanation of what they are used for.
133
132
134
133
| User Portal Settings | Description |
135
134
|:--- |:--- |
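Review bot: New line 131 writes "Azure AD Multi-Factor Authentication server" with a lowercase "server", while the rest of this change uses "Azure AD Multi-Factor Authentication Server" as the product name. Capitalize it here so the rename is consistent.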
@@ -157,15 +156,15 @@ These settings become visible to the user in the portal once they are enabled an
157
156
158
157
If you want your users to sign in and enroll, you must select the **Allow users to log in** and **Allow user enrollment** options under the Settings tab. Remember that the settings you select affect the user sign-in experience.
159
158
160
-
For example, when a user signs in to the user portal for the first time, they are then taken to the Azure Multi-Factor Authentication User Setup page. Depending on how you have configured Azure Multi-Factor Authentication, the user may be able to select their authentication method.
159
+
For example, when a user signs in to the user portal for the first time, they are then taken to the Azure AD Multi-Factor Authentication User Setup page. Depending on how you have configured Azure AD Multi-Factor Authentication, the user may be able to select their authentication method.
161
160
162
161
If they select the Voice Call verification method or have been pre-configured to use that method, the page prompts the user to enter their primary phone number and extension if applicable. They may also be allowed to enter a backup phone number.
163
162
164
163

165
164
166
-
If the user is required to use a PIN when they authenticate, the page prompts them to create a PIN. After entering their phone number(s) and PIN (if applicable), the user clicks the **Call Me Now to Authenticate** button. Azure Multi-Factor Authentication performs a phone call verification to the user's primary phone number. The user must answer the phone call and enter their PIN (if applicable) and press # to move on to the next step of the self-enrollment process.
165
+
If the user is required to use a PIN when they authenticate, the page prompts them to create a PIN. After entering their phone number(s) and PIN (if applicable), the user clicks the **Call Me Now to Authenticate** button. Azure AD Multi-Factor Authentication performs a phone call verification to the user's primary phone number. The user must answer the phone call and enter their PIN (if applicable) and press # to move on to the next step of the self-enrollment process.
167
166
168
-
If the user selects the Text Message verification method or has been pre-configured to use that method, the page prompts the user for their mobile phone number. If the user is required to use a PIN when they authenticate, the page also prompts them to enter a PIN. After entering their phone number and PIN (if applicable), the user clicks the **Text Me Now to Authenticate** button. Azure Multi-Factor Authentication performs an SMS verification to the user's mobile phone. The user receives the text message with a one-time-passcode (OTP), then replies to the message with that OTP plus their PIN (if applicable).
167
+
If the user selects the Text Message verification method or has been pre-configured to use that method, the page prompts the user for their mobile phone number. If the user is required to use a PIN when they authenticate, the page also prompts them to enter a PIN. After entering their phone number and PIN (if applicable), the user clicks the **Text Me Now to Authenticate** button. Azure AD Multi-Factor Authentication performs an SMS verification to the user's mobile phone. The user receives the text message with a one-time-passcode (OTP), then replies to the message with that OTP plus their PIN (if applicable).
169
168
170
169

171
170
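Review bot: New line 159 renames "Azure Multi-Factor Authentication User Setup page", which reads as the title of a page shown in the portal rather than a product reference. Confirm that the installed user portal displays the new name, and keep the old string if it does not, so users can match the documentation to what they see on screen.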
@@ -176,14 +175,14 @@ If the user selects the Mobile App verification method, the page prompts the use
176
175
177
176
The page then displays an activation code and a URL along with a barcode picture. If the user is required to use a PIN when they authenticate, the page additionally prompts them to enter a PIN. The user enters the activation code and URL into the Microsoft Authenticator app or uses the barcode scanner to scan the barcode picture and clicks the Activate button.
178
177
179
-
After the activation is complete, the user clicks the **Authenticate Me Now** button. Azure Multi-Factor Authentication performs a verification to the user's mobile app. The user must enter their PIN (if applicable) and press the Authenticate button in their mobile app to move on to the next step of the self-enrollment process.
178
+
After the activation is complete, the user clicks the **Authenticate Me Now** button. Azure AD Multi-Factor Authentication performs a verification to the user's mobile app. The user must enter their PIN (if applicable) and press the Authenticate button in their mobile app to move on to the next step of the self-enrollment process.
180
179
181
-
If the administrators have configured the Azure Multi-Factor Authentication Server to collect security questions and answers, the user is then taken to the Security Questions page. The user must select four security questions and provide answers to their selected questions.
180
+
If the administrators have configured the Azure AD Multi-Factor Authentication Server to collect security questions and answers, the user is then taken to the Security Questions page. The user must select four security questions and provide answers to their selected questions.
The user self-enrollment is now complete and the user is signed in to the user portal. Users can sign back in to the user portal at any time in the future to change their phone numbers, PINs, authentication methods, and security questions if changing their methods is allowed by their administrators.
186
185
187
186
## Next steps
188
187
189
-
-[Deploy the Azure Multi-Factor Authentication Server Mobile App Web Service](howto-mfaserver-deploy-mobileapp.md)
188
+
-[Deploy the Azure AD Multi-Factor Authentication Server Mobile App Web Service](howto-mfaserver-deploy-mobileapp.md)