Implement DUO to ADFS 3.0 question - Page 2

TheZealous · ‎06-06-2017

Hello everyone,

I am planning to rollout Duo with ADFS. I understand the risk of messing up the whole company authentication from Microsoft Cloud (Azure and Office 365 - Exchange) and other application that we are currently using. I found the documentation for the process here: https://duo.com/docs/ldap

Everything looks good until I was asked by my upper management ask about the step # 3 under “Configure ADFS Multi-Factor Authentication” here: https://duo.com/docs/adfs-30#configure-ad-fs-multi-factor-authentication. So let’s say I create a security group in AD and move a few test users to this new AD security group and add it here, what happen to the users that are not part of this group? Will they get the prompt for Duo push authentication? This wasn’t document anywhere in the documentation and so it is kind of concern us.

Thanks,
T.

TheZealous · ‎12-22-2017

Hi @DuoKristina. We don’t use the SfB online tenant. We are all on prem. Our Exchange are on Office 365 and we did enabled Exchange Modern Authentication already. I did tried going into the Credential Manager and deleted all password entry but still getting the same issue. Not sure why.

DuoKristina · ‎12-22-2017

According to this MS document modern auth isn’t available for SfB when Skype 2015 CU5 on-prem is mixed with Exchange Online (the first example in the “mixed topologies” table).

You may want to contact Microsoft to determine if they ever plan to bring modern auth to a mixed topology when auth happens at EXO via a future CU for Skype 2015.

TBH I think their long-term goal is to convince everyone to go cloud-only by making the on-prem equivalents progressively harder to use.

Duo, not DUO.