How to migrate from the Azure MFA Server
May 03, 2024 •
Microsoft is depreciating their on-premises MFA solution, Azure Multi-Factor Authentication Server, starting September 30, 2024. If you’re an Azure MFA Server customer, you may be wondering what options there are for you to stick with a trusted on-premises solution for your MFA needs.
In this blog post, we’ll explore what your options are for moving your MFA services before the September 30th deadline.
What is the Azure Multi-Factor Authentication Server?
The Azure Multi-Factor Authentication Server is an on-premises MFA solution that allows administrators to add secure authentication to a variety of applications and services.
Many organizations used the Azure MFA Server to protect VPNS, firewalls, Remote Desktop Services, and other RADIUS and LDAP-speaking services. Azure MFA Server was highly customizable and could be installed directly onto an organization’s on-premises data center. It allowed organizations to secure applications and services without relying on any external dependencies.
What are my options to migrate from Azure MFA Server?
To ensure authentications at your organization remain uninterrupted, Microsoft is recommending migrating away from the Azure MFA Server in advance of the September 30 deadline.
Microsoft is pushing existing customers to adopt the cloud-based Microsoft Entra Multi-factor Authentication product as a replacement. However, Microsoft Entra MFA lacks several key benefits that organizations relied on with the on-premises Azure MFA Server.
Let’s take a look at some aspects of Microsoft Entra that organizations should consider before moving over.
What are the limitations of Microsoft Entra?
Before switching to Microsoft Entra, organizations may want to consider the following drawbacks of the solution:
- Data Migration: To get up and running with Microsoft Entra, you’ll have to migrate all your users’ authentication data into the cloud based Microsoft Entra service.
- Cloud-hosted: The primary drawback of Microsoft Entra is the cloud-based nature of its deployment.
- Lack of control: Organizations won’t have the same flexibility and control with Microsoft Entra as they do with Azure MFA Server on-premises.
- Compliance: As it’s deployed in the cloud, Entra complicates regulations and standards about data residency and cloud-computing, such as GDPR.
If those drawbacks are a deal-breaker for your organization, you may want to consider looking elsewhere for a solution that can meet or exceed the feature-set and benefits of Azure MFA Server.
What are my other MFA options?
If you don’t want to migrate your user authentication data, it might be time to consider a third party MFA solution that’s compatible with your existing MFA on-premises deployment.
Below are some things to consider when deciding to switch to a third party MFA provider:
- Compatibility: A dedicated MFA solution may allow you to protect more of your applications and services with MFA, rather than just a Microsoft-enabled environment.
- Usability: Since third party solutions are specially designed for MFA operations, they often offer a more streamlined user experience, rather than using a patchwork of appliance-based solutions.
- Features: Dedicated MFA solutions usually offer enhanced features and policies that allow additional customization of your security settings to suit your organization’s needs.
How can I get started with a third party on-premises MFA solution?
LoginTC offers two ways for organizations to maintain an on-premises deployment when migrating.
The first is to leverage the LoginTC Cloud MFA solution and keep your on-premises Active Directory configuration. The second option is LoginTC Managed, a fully on-premises MFA solution that allows administrators complete control over their security operations.
These methods do not require administrators to migrate any data, and they allow you to choose from a wide range of authentication methods that connect on and offline to all of your existing services that Azure MFA Server protects, including VPNs, firewalls, Remote Desktop services, Windows Logon, Outlook Web App, and more.
LoginTC’s MFA is also easy to use for end-users and administrators alike. It can help organizations meet regulatory compliance standards like GDPR, NERC CIP, and more. LoginTC is also backed by ISO 27001 certified security protections.
Not sure which deployment option is right for you? Book an MFA consultation today to speak with one of our experts, or get started with a free trial right away.
