{"id":44341,"date":"2021-05-14T14:00:00","date_gmt":"2021-05-14T18:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=44341"},"modified":"2024-11-08T16:28:36","modified_gmt":"2024-11-08T21:28:36","slug":"active-directory-mfa","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa","title":{"rendered":"MFA and Active Directory: Answers to 5 Common Questions"},"content":{"rendered":"\n<p>Identity and data theft is an omnipresent threat for businesses of all sizes, and exploiting weaknesses within <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-faq\">Active Directory<\/a> (AD) is one of the most <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/feature\/Security-executives-slam-Microsoft-over-latest-breach\" target=\"_blank\" rel=\"noreferrer noopener\">common methods of attack<\/a>. Implementing <a href=\"https:\/\/jumpcloud.com\/platform\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">multi-factor authentication<\/a> (MFA) provides stronger identity and access management (IAM), but it\u2019s not included with AD, forcing admins to look for solutions, whether they\u2019re from Microsoft or other identity providers (IdP).<\/p>\n\n\n\n<p>This blog focuses on how MFA fits into the journey to <a href=\"https:\/\/jumpcloud.com\/use-cases\/modernize-active-directory\">modernize<\/a> AD, but it also outlines how to leverage modern authentication via MFA to implement a simplified <a href=\"https:\/\/jumpcloud.com\/use-cases\/zero-trust\">Zero Trust security strategy<\/a>. It\u2019s an approach to modernize AD that enhances security for what you have, and mitigates the cyber risks found in AD to protect your data and every other resource that makes work happen.<\/p>\n\n\n\n<figure class=\"image is-16by9\">\n<iframe class=\"has-ratio\" width=\"300\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/6721eElca5k?rel=0\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\"><\/iframe>\n<\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading1\">Is MFA for Active Directory Necessary?<\/h2>\n\n\n\n<p>MFA (or<a href=\"https:\/\/jumpcloud.com\/blog\/beginners-guide-2fa\"> two-factor authentication<\/a> as it\u2019s often referred to) is a critical security tool in today\u2019s remote work, cloud-based environment. This is because, at its core, MFA is about making sure that when a user is logging in to a resource, that resource knows who\u2019s asking for permission to enter and they are who they say they are. It\u2019s important to understand that MFA is a starting point for IAM that protects assets, people, and devices wherever they exist.<\/p>\n\n\n\n<p>Perpetrators of cyberattacks are getting bolder every day. Between phishing, spear-phishing, and ransomware attacks targeting user credentials, using a simple username\/password combination isn\u2019t enough. When you factor in the fact that many people within an organization tend to use simple or reused passwords for any number of services, these risks only increase.<\/p>\n\n\n\n<p>However, Microsoft has designated AD as a <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-modernization-is-mandatory\">legacy product<\/a> that must be secured and protected. There are <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-attacks-that-can-target-your-windows-active-directory\/\" target=\"_blank\" rel=\"noreferrer noopener\">numerous, well-understood attacks<\/a> that threat actors employ to compromise AD, but Microsoft isn\u2019t taking ownership to address its underlying issues. That\u2019s a problem for admins, especially considering how these attacks often exploit weaknesses in AD\u2019s single-factor authentication. Many admins would disagree that AD is a legacy technology; it remains indispensable for many organizations. But there\u2019s no denying that it has security issues.&nbsp;<\/p>\n\n\n\n<p>The absence of MFA and some other security features in AD is a problem that IT must overcome. AD simply isn\u2019t secure on its own. Admins face another dilemma: follow Microsoft\u2019s prescribed path and adopt its security services to make AD less vulnerable or modernize AD with another IdP. IT admins should enable MFA wherever possible, but it\u2019s understandable that modernizing AD feels like a big decision. Below, you\u2019ll find answers to five common questions that many admins need answered before implementing MFA for their AD environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading2\">Common Active Directory MFA FAQs<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"heading3\">1. What Do I Add to Enable MFA?<\/h3>\n\n\n\n<p>Having an Active Directory instance set up as your core <a href=\"https:\/\/jumpcloud.com\/blog\/identity-provider-idp\">identity provider<\/a> (IdP) isn\u2019t enough to <a href=\"https:\/\/jumpcloud.com\/blog\/beginners-guide-2fa\">enable MFA<\/a> across your fleet of systems. You\u2019ll need additional applications and services to add those capabilities. There are two paths: partner with an IdP or deepen your ties with Microsoft.<\/p>\n\n\n\n<p>First, it\u2019s possible to <a href=\"https:\/\/jumpcloud.com\/blog\/integrate-ad-jumpcloud\">integrate another IdP<\/a>, like JumpCloud\u2019s <a href=\"https:\/\/jumpcloud.com\/use-cases\/no-directory\">open directory platform<\/a>, with AD for multiple authentication flows. It\u2019s included with the platform at <a href=\"https:\/\/jumpcloud.com\/pricing\">no additional cost<\/a>. JumpCloud features MFA, including <a href=\"https:\/\/jumpcloud.com\/support\/get-started-jumpcloud-go\">JumpCloud Go<\/a>\u2122, a modern authentication factor that works cross-OS to secure applications <em>and<\/em> network resources. Your identities are independent, safeguarding your organization against vendor lock-in while modernizing AD\u2019s access control and security.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>See a simulation of JumpCloud\u2019s <a href=\"https:\/\/university.jumpcloud.com\/courses\/windows-mfa-login\" target=\"_blank\" rel=\"noreferrer noopener\">MFA login process<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>There are two ways to approach AD modernization using Microsoft solutions:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/what-is-adfs\">Active Directory Federation Service<\/a> (AD FS) for customers to configure additional authentication methods and to have single sign-on (SSO) to resources. It requires a server farm, can be complex to operate, and has high management overhead. Microsoft has begun to migrate some of its features, such as smart card support, to Entra ID. Adopting AD FS may not future-proof MFA, because Microsoft is pushing Entra ID.<\/li>\n\n\n\n<li>Every edition of Entra ID includes MFA. However, an Entra ID <a href=\"https:\/\/jumpcloud.com\/blog\/understanding-aad-premium-p1\">Premium plan<\/a> is required to use Entra ID Connect, an application that bridges AD DS with Microsoft\u2019s cloud directory. Useful features, such as password write back from Entra to AD, will require a Premium 2 plan in order to function. Also, keep in mind that you may have to pay more to support the authentication flow(s) that you need.<\/li>\n\n\n\n<li>There are other considerations that will affect your security posture and costs involved.\n<ul>\n<li>The Premium 2 SKU is a prerequisite to meet the security requirements of Microsoft\u2019s <a href=\"https:\/\/learn.microsoft.com\/en-us\/security\/privileged-access-workstations\/privileged-access-access-model\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">enterprise access model<\/a> for managing privileged access with AD; the <a href=\"https:\/\/learn.microsoft.com\/en-us\/security\/cybersecurity-reference-architecture\/mcra\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Microsoft Cybersecurity Reference Architecture<\/a> (MCRA), which layers multiple cloud services around AD; and <a href=\"https:\/\/learn.microsoft.com\/en-us\/security\/zero-trust\/zero-trust-ramp-overview\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Zero Trust Rapid Modernization Plan<\/a> (RaMP), which recommends using cloud IAM and unified endpoint management (UEM).<\/li>\n\n\n\n<li>Identity monoculture means that lateral spread is possible between Microsoft\u2019s cloud platforms and AD. It&#8217;s recommended that customers also purchase Defender for Identities to protect AD against those threats. Defender for Identities won\u2019t work to its full potential without Microsoft Defender for Endpoints, an endpoint detection and response solution, being installed to account for server threats. That means purchasing a Microsoft 365 (M365) SKU that includes it.<\/li>\n\n\n\n<li>SSO for applications hosted on-premise is made possible through Application Proxy, a Premium feature.<\/li>\n\n\n\n<li>Defender for Servers is recommended if you host AD in Amazon Web Services (AWS) or Google Cloud Platform (GCP) for cloud security posture management (CSPM).<\/li>\n\n\n\n<li>These services can be difficult to learn, requiring you to contract external partners to help set up and maintain. Microsoft\u2019s guidance suggests that customers partner with vendors to completely implement these services and handle any change management. This makes using Entra more complex and costly.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Windows Hello, a phishing-resistance modern authentication platform that works with Entra and AD, only supports Windows. It makes it possible to use the strongest authentication factors available, but macOS and Linux users go unprotected.<\/li>\n\n\n\n<li>Additional services through Entra ID Domain Services (AD DS) or the Network Policy Server (NPS) server role may be necessary to extend SSO\/MFA to network resources.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p><a href=\"https:\/\/jumpcloud.com\/blog\/is-e3-right-for-you\">Is M365 E3 right for you?<\/a><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"heading4\">2. Is MFA Included in Azure or Office 365 Accounts and Subscriptions?<\/h3>\n\n\n\n<p>MFA is included with every account for Microsoft cloud services, but integration with your on-premise AD infrastructure isn\u2019t possible without paying for Premium SKUs. There are also many dependencies among Microsoft\u2019s services, which may not be immediately evident.<\/p>\n\n\n\n<p>For example, its cloud services require setting up and using Entra ID, even if you decide to federate identities with another IdP. Some products, like Intune for UEM, won\u2019t work without it. Even Teams has features that depend on Entra ID for external collaboration. This has the effect of limiting optionality and locks customers in Microsoft\u2019s vertically integrated toolsuite.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Evaluating the <a href=\"https:\/\/jumpcloud.com\/blog\/evaluating-the-costs-and-risks-of-migrating-to-m365\">costs and risks<\/a> of migrating to M365.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"heading5\">3. Is MFA Included with Entra ID?<\/h3>\n\n\n\n<p>Every Entra ID SKU includes MFA. You can use MFA with a Entra ID Free subscription for Microsoft web apps and other SaaS service providers, but it won\u2019t meet SSO requirements for AD identities. As noted above, Premium SKUs and additional security subscriptions are recommended by Microsoft to address security vulnerabilities stemming from its stack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"heading6\">4. Is MFA Included with M365?<\/h3>\n\n\n\n<p>Entra ID is bundled with every M365 subscription (and MFA is included). To get the full version of MFA on Active Directory with all its administrative capabilities, you\u2019ll either have to upgrade and pay for it a la carte or purchase a Premium SKU. Purchasing M365 could lead to buying more than you really need. M365 is a multi-product solution, and consolidating on it could restrict your choice to use best-of-breed SaaS solutions. Each component of M365 has its own challenges and complexities, as well as operational, support, and security considerations to consider.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"heading7\">5. How Do You Add MFA to Active Directory&nbsp;Without Azure or M365?&nbsp;<\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"202\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/10\/architecture.png\" alt=\"JumpCloud Architecture\" class=\"wp-image-105128\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/10\/architecture.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/10\/architecture-300x118.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>If you need to enable MFA quickly and easily to AD, without committing to Microsoft\u2019s expansive reference architecture, you can leverage JumpCloud\u2019s open directory platform to set up <a href=\"https:\/\/university.jumpcloud.com\/courses\/windows-mfa-login\" target=\"_blank\" rel=\"noreferrer noopener\">Windows MFA<\/a>. You can even get MFA with Active Directory across your hybrid fleet \u2014 regardless of platform, protocol, provider, or location. Its MFA can be configured to utilize TOTP, push authentication through JumpCloud\u2019s free Protect app, or passwordless via JumpCloud Go. The platform supports native biometrics on mobile devices as well as security keys.<\/p>\n\n\n\n<p>JumpCloud reimagines the role of Active Directory, providing user management similar to AD\u2019s GPOs, where policies including MFA are controlled with commands that admins can use to control whole fleets of systems. Alternatively, it will coexist with your existing AD infrastructure in place. Visit our Active Directory Integration (ADI) resource page to explore <a href=\"https:\/\/jumpcloud.com\/support\/get-started-adi\" target=\"_blank\" rel=\"noreferrer noopener\">deployment options<\/a>.<\/p>\n\n\n\n<p>The open directory platform is ideal for small to medium-sized enterprises (SMEs), as it <a href=\"https:\/\/jumpcloud.com\/use-cases\/access-management\">centralizes IAM<\/a> and device management. With it, you can:<\/p>\n\n\n\n<ul>\n<li>Manage your assets and the discovery of shadow IT services (coming soon).<\/li>\n\n\n\n<li>Manage your users and groups of users.<\/li>\n\n\n\n<li>Manage your Android\/Mac\/Windows\/Linux systems.<\/li>\n\n\n\n<li>Manage your on-prem and cloud-based applications.&nbsp;<\/li>\n\n\n\n<li>Manageo your on-prem apps and file servers.&nbsp;<\/li>\n\n\n\n<li>Manage your networks and VPNs.<\/li>\n\n\n\n<li>Manage your Cloud-based infrastructure.<\/li>\n\n\n\n<li>Manage your reporting and telemetry for compliance.<\/li>\n<\/ul>\n\n\n\n<p>JumpCloud features <a href=\"https:\/\/jumpcloud.com\/blog\/nested-groups\">automations and workflows<\/a> to streamline on\/offboarding. It also has optional <a href=\"https:\/\/jumpcloud.com\/support\/get-started-conditional-access-policies\" target=\"_blank\" rel=\"noreferrer noopener\">conditional access rules<\/a> with step-up authentication to protect privileged resources (coming soon), <a href=\"https:\/\/jumpcloud.com\/support\/get-started-remote-assist\" target=\"_blank\" rel=\"noreferrer noopener\">Remote Access<\/a> and troubleshooting tools, a password manager, and patch management features, all from a unified console to consolidate your IAM\/UEM needs.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>See what it\u2019s like to work with JumpCloud. Try our <a href=\"https:\/\/university.jumpcloud.com\/pages\/guided-sims\" target=\"_blank\" rel=\"noreferrer noopener\">guided simulations<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"heading8\">Learn How to Add MFA in Active Directory<\/h2>\n\n\n\n<p>While MFA is a common alternative used to fix the shortcomings associated with passwords, a well-designed multi-factor authentication solution seeks to strike a balance between added security and user convenience.\u00a0<br><br>To learn more about merging MFA with Active Directory, contact us and <a href=\"https:\/\/jumpcloud.com\/guided-simulations\">schedule up a free demo<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.<\/p>\n","protected":false},"author":120,"featured_media":44342,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2753],"tags":[],"collection":[2779,2777],"platform":[],"funnel_stage":[3016],"coauthors":[2537,2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Active Directory and MFA: Your 5 Top Questions Answered - JumpCloud<\/title>\n<meta name=\"description\" content=\"Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MFA and Active Directory: Answers to 5 Common Questions\" \/>\n<meta property=\"og:description\" content=\"Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-14T18:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-08T21:28:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"520\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sean Blanton, David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Blanton, David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\"},\"author\":{\"name\":\"Sean Blanton\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3\"},\"headline\":\"MFA and Active Directory: Answers to 5 Common Questions\",\"datePublished\":\"2021-05-14T18:00:00+00:00\",\"dateModified\":\"2024-11-08T21:28:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\"},\"wordCount\":1664,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png\",\"articleSection\":[\"Unification\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\",\"url\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\",\"name\":\"Active Directory and MFA: Your 5 Top Questions Answered - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png\",\"datePublished\":\"2021-05-14T18:00:00+00:00\",\"dateModified\":\"2024-11-08T21:28:36+00:00\",\"description\":\"Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png\",\"width\":780,\"height\":520},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MFA and Active Directory: Answers to 5 Common Questions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3\",\"name\":\"Sean Blanton\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/0f493278829cf832b6cf8a58926a4585\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g\",\"caption\":\"Sean Blanton\"},\"description\":\"Sean Blanton is the Director of Content at JumpCloud and has spent the past decade in the wide world of security, networking and IT and Infosec administration. When not at work Sean enjoys spending time with his young kids and geeking out on table top games.\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Active Directory and MFA: Your 5 Top Questions Answered - JumpCloud","description":"Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa","og_locale":"en_US","og_type":"article","og_title":"MFA and Active Directory: Answers to 5 Common Questions","og_description":"Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.","og_url":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa","og_site_name":"JumpCloud","article_published_time":"2021-05-14T18:00:00+00:00","article_modified_time":"2024-11-08T21:28:36+00:00","og_image":[{"width":780,"height":520,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png","type":"image\/png"}],"author":"Sean Blanton, David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sean Blanton, David Worthington","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa"},"author":{"name":"Sean Blanton","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3"},"headline":"MFA and Active Directory: Answers to 5 Common Questions","datePublished":"2021-05-14T18:00:00+00:00","dateModified":"2024-11-08T21:28:36+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa"},"wordCount":1664,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png","articleSection":["Unification"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa","url":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa","name":"Active Directory and MFA: Your 5 Top Questions Answered - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png","datePublished":"2021-05-14T18:00:00+00:00","dateModified":"2024-11-08T21:28:36+00:00","description":"Microsoft Active Directory is a legacy identity provider (IdP) that must be modernized for modern access control and device management.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/active-directory-mfa"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/02\/active-directory-mfa.png","width":780,"height":520},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/active-directory-mfa#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"MFA and Active Directory: Answers to 5 Common Questions"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/0c2a749d55fd9ade81d9f810c8d5aaa3","name":"Sean Blanton","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/0f493278829cf832b6cf8a58926a4585","url":"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/596d142d20c23a1783684d7960968d4e?s=96&d=mm&r=g","caption":"Sean Blanton"},"description":"Sean Blanton is the Director of Content at JumpCloud and has spent the past decade in the wide world of security, networking and IT and Infosec administration. When not at work Sean enjoys spending time with his young kids and geeking out on table top games."}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44341"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/120"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=44341"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44341\/revisions"}],"predecessor-version":[{"id":117220,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/44341\/revisions\/117220"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/44342"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=44341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=44341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=44341"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=44341"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=44341"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=44341"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=44341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}