A few weeks ago Microsoft Released a new version of the Azure Multi-Factor Authentication Server for use with on-premises implementations. This is a short post about this new version of Azure MFA Server availability and how to upgrade.
According to the release notes the version 220.127.116.11 of the Azure Multi-Factor Authentication Server adds the following additional functionality:
This latest version has been upgraded to use .NET 4.0 instead of .NET 2.0. With extended support for
.NET 2.0 ending 12 Apr 2016, all existing MFA customers are encouraged to upgrade to v7.0.0.
AD FS adapter now displays a list of MFA methods to choose from based on:
- options configured under the Allow users to select method checkbox and
- the information registered by the user
This allows users to choose a preferred authentication method each time they sign in.
Alternatively, the adapter can perform the users default MFA method immediately, then display the list of options if the user doesn’t respond.
Note: that users connecting from Windows Phone whose default method is Mobile App will always see the list of options except Mobile App due to a known issue where the App being accessed loses state when switching over to the authenticator app, thus resulting in a failed authentication after completing MFA.
The update also includes other minor bug fixes and security improvements
- Windows Authentication for Terminal Services is not supported for
Windows Server 2012 R2
Upgrading MFA Servers
The upgrade can be done as an in-place upgrade and works pretty good. If you are running multiple MFA Servers, make sure to start the upgrade with the slave servers first and the promote the upgraded servers afterwards, until all servers has been updated.
That part does not work – you still have to download the binaries yourself from the Azure MFA portal (more about that later).
When you have downloaded the binaries, make sure you have a valid backup of your MFA server, before you continue with the upgrade.
During the MFA update, you will be asked to make sure that the Windows Update (KB2919355) has been applied to the MFA server.
When the install has been started, the update process will also install Visual C++ 14 Runtime Libraries (x86/x64).
The install is pretty straightforward as an in-place upgrade.
How about the other MFA components
Fellow MVP Sander Berkouwer has already made a great blog post, with details about how to upgrade the additional components, such as:
- Web Service SDK
- User Portal
- Mobile App services
- ADFS Adapters
Please read his blog post here: Azure Multi-Factor Authentication Server reaches version 18.104.22.168.
More about the download and where to find the Azure MFA Server binaries, see: