
We have a customer who has a SharePoint Server 2019 installation in an Azure VM which is domain joined to Azure AD. There is no Windows AD present. As per new security rules, they are trying to enable MFA for SharePoint sites so that whenever a user (Azure AD) accesses the sites, they get an MFA prompt. Though MFA access is enabled through Azure Security Defaults, we don't get any prompts for multi-factor authentication.

We also tried to set up Azure AD as a Trusted Identity Provider in SharePoint and added SSL trust relationships and we had no luck.

Please guide us with some inputs.

Thanks in advance

1 Answer 1

2

SharePoint Server does not support AAD Join. It must be joined to Active Directory, either AD on-prem or AAD DS (Azure AD Domain Services, the cloud-hosted Active Directory, not Azure AD).

You should be looking at putting Azure AD App Proxy in front of SharePoint which will support MFA and Azure AD Conditional Access Policies.

2
  • Thanks for the response @Trevor. As per your suggestion, I introduced on-prem AD to the current setup, enabled MFA for Azure AD and added a Trusted Identity Provider in SP. Now the MFA is working fine. However, since the client has been using the setup (SP Server connected to Azure AD directly) for a long time, is there a way to achieve MFA without the introduction of an on-prem AD? Say, for instance, the App Proxy solution that you have suggested: does that involve on-prem AD as well? Commented Mar 29, 2021 at 16:16
  • Again, the farm service accounts and servers must be joined to Active Directory (or AAD DS). Any other configuration is not supported. You can't use AAD accounts as service accounts and local accounts aren't supported. Commented Mar 29, 2021 at 16:40
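The supported-state requirement stated in the answer and its follow-up comment (farm servers joined to Active Directory or AAD DS, service accounts being AD accounts rather than Azure AD or local accounts) can be checked on each farm server before spending time on MFA configuration. The following PowerShell is an added example written for this page; it is not code from the question, the answer, or any Microsoft product. It assumes `dsregcmd` is available on the server (it ships with Windows Server 2016 and later) and that the SharePoint Timer Service is registered under its usual service name `SPTimerV4`; both are assumptions, not facts taken from the page.

```powershell
# Added example, not from the original question or answer.
# Pre-flight check for a SharePoint Server host: is it joined to an AD domain
# (on-prem AD or AAD DS), which is the supported configuration, or only joined
# to Azure AD? Also reports which account the SharePoint Timer Service runs as,
# since farm service accounts must be AD accounts. Run as an administrator.

function Test-SPServerJoinState {
    [CmdletBinding()]
    param(
        # Assumption: the SharePoint Timer Service is registered as SPTimerV4.
        [string]$TimerServiceName = 'SPTimerV4'
    )

    # Win32_ComputerSystem reports classic Active Directory domain membership.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $adJoined = [bool]$cs.PartOfDomain

    # dsregcmd /status reports the Azure AD device state; a line such as
    # "AzureAdJoined : YES" means the device is Azure AD joined (or hybrid joined
    # if AD membership is also present).
    $dsreg = & dsregcmd /status 2>$null
    $aadJoined = ($dsreg | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES').Count -gt 0

    # Identify the account running the timer service, if the service exists.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$TimerServiceName'"
    $svcAccount = if ($svc) { $svc.StartName } else { $null }

    # Local/built-in identities look like ".\user", "COMPUTERNAME\user",
    # "LocalSystem" or "NT AUTHORITY\..."; a domain account carries the AD
    # domain name ("DOMAIN\user") or a UPN ("user@domain.local").
    $svcIsDomainAccount = $false
    if ($svcAccount) {
        $localPrefixes = @('.\', "$($cs.Name)\", 'NT AUTHORITY\', 'NT SERVICE\')
        $isLocal = ($svcAccount -eq 'LocalSystem') -or
                   ($localPrefixes | Where-Object { $svcAccount.StartsWith($_, 'OrdinalIgnoreCase') }).Count -gt 0
        $svcIsDomainAccount = $adJoined -and -not $isLocal
    }

    [pscustomobject]@{
        ComputerName          = $cs.Name
        Domain                = $cs.Domain
        ADDomainJoined        = $adJoined
        AzureAdJoined         = $aadJoined
        HybridJoined          = ($adJoined -and $aadJoined)
        TimerServiceAccount   = $svcAccount
        TimerSvcDomainAccount = $svcIsDomainAccount
        # Supported only when the server is an AD (or AAD DS) domain member.
        SupportedJoinState    = $adJoined
    }
}

$state = Test-SPServerJoinState
$state | Format-List

if (-not $state.ADDomainJoined) {
    Write-Warning 'Not an Active Directory domain member. SharePoint Server requires AD or AAD DS membership; Azure AD join on its own is not a supported configuration.'
}
if ($state.TimerServiceAccount -and -not $state.TimerSvcDomainAccount) {
    Write-Warning "Timer service runs as '$($state.TimerServiceAccount)', which is not an AD domain account; farm service accounts must be AD accounts."
}
```

Running this on the server described in the question (Azure AD joined, no Windows AD) would report `ADDomainJoined : False` and `AzureAdJoined : True`, which is the unsupported state the answer points at; after AAD DS or on-prem AD membership has been added, `ADDomainJoined` turns `True` and the timer service account check confirms that the farm identity is a domain account rather than a local one.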
