@@ -149,39 +149,39 @@ From the command line of the MFA Server, run the following command changing the
149
149
150
150
## Gather data from NPS Extension
151
151
152
-
Use the [Microsoft Privacy Portal](https://portal.azure.com/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) to make a request for Export.
152
+
Use the Microsoft Privacy portal to make a request for Export.
153
153
154
154
- MFA information is included in the export, which may take hours or days to complete.
155
155
- Occurrences of the username in the AzureMfa/AuthN/AuthNOptCh, AzureMfa/AuthZ/AuthZAdminCh, and AzureMfa/AuthZ/AuthZOptCh event logs are considered operational and duplicative to the information provided in the export.
156
156
157
157
## Delete data from NPS Extension
158
158
159
-
Use the [Microsoft Privacy Portal](https://portal.azure.com/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) to make a request for Account Close to delete all MFA cloud service information collected for this user.
159
+
Use the Microsoft Privacy portal to make a request for Account Close to delete all MFA cloud service information collected for this user.
160
160
161
161
- It may take up to 30 days for data to be fully removed.
162
162
163
163
## Gather data from Windows Server 2016 Azure AD MFA AD FS Adapter
164
164
165
-
Use the [Microsoft Privacy Portal](https://portal.azure.com/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) to make a request for Export.
165
+
Use the Microsoft Privacy portal to make a request for Export.
166
166
167
167
- MFA information is included in the export, which may take hours or days to complete.
168
168
- Occurrences of the username in the AD FS Tracing/Debug event logs (if enabled) are considered operational and duplicative to the information provided in the export.
169
169
170
170
## Delete data from Windows Server 2016 Azure AD MFA AD FS Adapter
171
171
172
-
Use the [Microsoft Privacy Portal](https://portal.azure.com/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) to make a request for Account Close to delete all MFA cloud service information collected for this user.
172
+
Use the Microsoft Privacy portal to make a request for Account Close to delete all MFA cloud service information collected for this user.
173
173
174
174
- It may take up to 30 days for data to be fully removed.
175
175
176
176
## Gather data for Azure AD MFA
177
177
178
-
Use the [Microsoft Privacy Portal](https://portal.azure.com/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) to make a request for Export.
178
+
Use the Microsoft Privacy portal to make a request for Export.
179
179
180
180
- MFA information is included in the export, which may take hours or days to complete.
181
181
182
182
## Delete data for Azure AD MFA
183
183
184
-
Use the [Microsoft Privacy Portal](https://portal.azure.com/#blade/Microsoft_Azure_Policy/UserPrivacyMenuBlade/Overview) to make a request for Account Close to delete all MFA cloud service information collected for this user.
184
+
Use the Microsoft Privacy portal to make a request for Account Close to delete all MFA cloud service information collected for this user.
185
185
186
186
- It may take up to 30 days for data to be fully removed.
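Review bot: All six "Use the Microsoft Privacy portal" lines in this hunk drop the hyperlink without giving the reader any other way to find the portal, so the Export and Account Close steps under every "Gather data" and "Delete data" heading no longer say where to make the request. If the old `portal.azure.com/#blade/...UserPrivacyMenuBlade` URL is being retired, replace it with the current link or a short navigation path instead of plain text. The capitalization also changed from "Privacy Portal" to "Privacy portal"; pick whichever matches the product's own UI label and use it in all six places.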
To review and understand Azure AD Multi-Factor Authentication events, you can use the Azure Active Directory (Azure AD) sign-ins report. This report shows authentication details for events when a user is prompted for multi-factor authentication, and if any Conditional Access policies were in use. For detailed information on the sign-ins report, see the [overview of sign-in activity reports in Azure AD](../reports-monitoring/concept-sign-ins.md).
22
22
23
-
This article shows you how to view the Azure AD sign-ins report in the Azure portal, and then the MSOnline V1 PowerShell module.
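Review bot: The removed sentence at old line 23 ("This article shows you how to view the Azure AD sign-ins report in the Azure portal, and then the MSOnline V1 PowerShell module.") was the only statement of what the article covers, and no replacement is added. If the PowerShell section stays in the article, keep a reworded overview sentence that names both the portal steps and the PowerShell steps, so readers know the second half exists.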
@@ -36,16 +34,16 @@ The sign-ins report provides you with information about the usage of managed app
36
34
- How many users are unable to complete the MFA challenge?
37
35
- What are the common MFA issues end users are running into?
38
36
39
-
To view the sign-in activity report in the [Azure portal](https://portal.azure.com), complete the following steps. You can also query data using the [reporting API](../reports-monitoring/howto-configure-prerequisites-for-reporting-api.md).
37
+
To view the sign-in activity report in the [Microsoft Entra admin center](https://entra.microsoft.com), complete the following steps. You can also query data using the [reporting API](../reports-monitoring/howto-configure-prerequisites-for-reporting-api.md).
40
38
41
-
1. Sign in to the [Azure portal](https://portal.azure.com)using an account with *global administrator*permissions.
42
-
1.Search for and select **Azure Active Directory**, then choose **Users** from the menu on the left-hand side.
39
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com)as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
40
+
1.Browse to **Identity** > then choose **Users** from the menu on the left-hand side.
43
41
1. Under *Activity* from the menu on the left-hand side, select **Sign-ins**.
44
42
1. A list of sign-in events is shown, including the status. You can select an event to view more details.
45
43
46
44
The **Conditional Access** tab of the event details shows you which policy triggered the MFA prompt.
47
45
48
-
[](media/howto-mfa-reporting/sign-in-report.png#lightbox)
46
+
[](media/howto-mfa-reporting/sign-in-report.png#lightbox)
49
47
50
48
If available, the authentication is shown, such as text message, Microsoft Authenticator app notification, or phone call.
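Review bot: The new step 2, "Browse to **Identity** > then choose **Users** from the menu on the left-hand side", is a half-converted breadcrumb: the ">" is followed by "then choose" rather than by the next menu item. Write it as "Browse to **Identity** > **Users**" or keep the prose form, not a mix of both. In step 1, moving from *global administrator* to "at least an Authentication Policy Administrator" is a welcome least-privilege change, but please confirm that this role can actually open the **Sign-ins** view used in step 3, since the rest of the procedure depends on it.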
articles/active-directory/authentication/howto-mfaserver-adfs-2.md
@@ -1,17 +1,17 @@
1
1
---
2
-
title: Use Azure MFA Server with AD FS 2.0
3
-
description: Describes how to get started with Azure MFA and AD FS 2.0.
2
+
title: Use Azure Active Directory Multi-Factor Authentication Server with AD FS 2.0
3
+
description: Describes how to get started with Azure Active Directory Multi-Factor Authentication and AD FS 2.0.
4
4
5
5
services: multi-factor-authentication
6
6
ms.service: active-directory
7
7
ms.subservice: authentication
8
8
ms.topic: how-to
9
-
ms.date: 10/29/2022
9
+
ms.date: 09/13/2023
10
10
11
11
ms.author: justinha
12
12
author: justinha
13
13
manager: amycolannino
14
-
ms.reviewer: michmcla
14
+
ms.reviewer: jpettere
15
15
16
16
ms.collection: M365-identity-device-management
17
17
---
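Review bot: In the front matter, the new `title` names "Azure Active Directory Multi-Factor Authentication Server" while the new `description` names "Azure Active Directory Multi-Factor Authentication" without "Server". The article is about the on-premises Server product, so the description should use the same product name as the title to avoid suggesting it covers the cloud service.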
@@ -22,7 +22,7 @@ This article is for organizations that are federated with Azure Active Directory
22
22
This documentation covers using the Azure Multi-Factor Authentication Server with AD FS 2.0. For information about AD FS, see [Securing cloud and on-premises resources using Azure Multi-Factor Authentication Server with Windows Server](howto-mfaserver-adfs-windows-server.md).
23
23
24
24
> [!IMPORTANT]
25
-
> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users’ authentication data](how-to-migrate-mfa-server-to-mfa-user-authentication.md) to the cloud-based Azure MFA service by using the latest Migration Utility included in the most recent [Azure MFA Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure MFA Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).
25
+
> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should [migrate their users’ authentication data](how-to-migrate-mfa-server-to-mfa-user-authentication.md) to the cloud-based Azure Active Directory Multi-Factor Authentication service by using the latest Migration Utility included in the most recent [Azure Active Directory Multi-Factor Authentication Server update](https://www.microsoft.com/download/details.aspx?id=55849). For more information, see [Azure Active Directory Multi-Factor Authentication Server Migration](how-to-migrate-mfa-server-to-azure-mfa.md).
26
26
>
27
27
> To get started with cloud-based MFA, see [Tutorial: Secure user sign-in events with Azure Multi-Factor Authentication](tutorial-enable-azure-mfa.md).
28
28
>
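Review bot: The rewritten IMPORTANT note now uses three different names for the same products within a few lines. The changed line keeps "deprecation of Azure Multi-Factor Authentication Server" at its start but switches to "Azure Active Directory Multi-Factor Authentication Server update" and "Azure Active Directory Multi-Factor Authentication Server Migration" later in the same paragraph, and the unchanged line below still says "Azure Multi-Factor Authentication". Because this note carries the September 30, 2024 cutoff after which MFA requests are no longer serviced, readers need to be certain which product is affected; apply one name consistently across the whole note, including the tutorial link text.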
@@ -77,7 +77,7 @@ You enabled IIS authentication, but to perform the pre-authentication to your Ac
77
77

78
78
79
79
3. Click **Edit**.
80
-
4. In the Edit LDAP Configuration dialog box, populate the fields with the information required to connect to the AD domain controller. Descriptions of the fields are included in the Azure Multi-Factor Authentication Server help file.
80
+
4. In the Edit LDAP Configuration dialog box, populate the fields with the information required to connect to the AD domain controller.
81
81
5. Test the LDAP connection by clicking the **Test** button.
82
82
83
83

@@ -89,7 +89,7 @@ You enabled IIS authentication, but to perform the pre-authentication to your Ac
89
89
1. Next, click the **Company Settings** icon and select the **Username Resolution** tab.
90
90
2. Select the **Use LDAP unique identifier attribute for matching usernames** radio button.
91
91
3. If users enter their username in "domain\username" format, the Server needs to be able to strip the domain off the username when it creates the LDAP query, which can be done through a registry setting.
92
-
4. Open the registry editor and go to HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Positive Networks/PhoneFactor on a 64-bit server. If on a 32-bit server, take the "Wow6432Node" out of the path. Create a DWORD registry key called "UsernameCxz_stripPrefixDomain" and set the value to 1. Azure Multi-Factor Authentication is now securing the AD FS proxy.
92
+
4. Open the registry editor and go to HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Positive Networks/PhoneFactor on a 64-bit server. If you use a 32-bit server, remove **/Wow6432Node** from the path. Create a DWORD registry key called "UsernameCxz_stripPrefixDomain" and set the value to 1. Azure Multi-Factor Authentication is now securing the AD FS proxy.
93
93
94
94
Make sure users are imported from Active Directory into the Server. To allow users to skip two-step verification from internal IP addresses, see the [Trusted IPs](#trusted-ips).
95
95
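Review bot: The reworded step 4 still writes the registry path with forward slashes ("HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Positive Networks/PhoneFactor") and now bolds "**/Wow6432Node**" in the same style. Registry paths use backslashes, and a path a reader may paste into the registry editor should be in code formatting rather than bold. While touching this line, "Create a DWORD registry key called" should read "Create a DWORD value named", because `UsernameCxz_stripPrefixDomain` is a value under the PhoneFactor key, not a key.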
@@ -115,7 +115,7 @@ You can secure AD FS when the AD FS proxy isn't used. Install the Azure Multi-Fa
115
115
116
116
Azure Multi-Factor Authentication is now securing AD FS.
117
117
118
-
Ensure that users have been imported from Active Directory into the Server. See the Trusted IPs section if you would like to allow internal IP addresses so that two-step verification isn't required when signing in to the website from those locations.
118
+
Ensure that users have been imported from Active Directory into the Server. See the next section if you would like to allow internal IP addresses so that two-step verification isn't required when signing in to the website from those locations.
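Review bot: Replacing "See the Trusted IPs section" with "See the next section" turns a named reference into a positional one, which breaks silently if sections are reordered. The equivalent sentence in the previous hunk's context already links by anchor ("see the [Trusted IPs](#trusted-ips)"); use the same `[Trusted IPs](#trusted-ips)` link here so both sentences stay consistent and the reference stays correct.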