In this section, we just integrate Azure MFA into our ADFS farm. We will customize and use this option in Chapter 8, Using Azure AD App Proxy and Web Application Proxy:
- First of all, we need to generate a certificate for Azure MFA on each server using the following cmdlet:
# Replace the tenant ID to your value
$certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID 181031inovitdemos.onmicrosoft.com
- Next, we set the certificate as the new credential against the Azure Multi-Factor Auth client:
# Connect to the MsolService with your global administrator rights
Connect-MsolService
# Create a new Service Principal Credential the AppPrincipalId is the hardcoded one for Azure MFA
New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
- Now, we can configure...