Looking for MFA Solutions for Hybrid Environments

Asked By CoolBreeze99 On

Hey everyone! I'm on the hunt for a reliable MFA solution that can handle multiple systems in a hybrid setup, covering both on-prem and cloud environments. I'd really appreciate any recommendations based on your experiences. Here are my main requirements:

- Protect Windows Active Directory logins (with support for offline access)
- Implement MFA for Remote Desktop (RDP)
- Integrate with Office 365 (SAML or Azure/Entra)
- Support Citrix (Virtual Apps & Desktops, RDS Gateway, etc.)
- Include VPN support (for Fortinet or Sophos via RADIUS)
- Provide push-based MFA with a mobile app
- Allow offline fallback options (like TOTP, hardware keys, or codes)
- Offer cloud or self-hosted deployment options, preferably with EU data residency
- Keep the cost reasonable (around 5€ per user per month, with full features included)

Since this will be managed by just one person, I'm looking for something highly automated and mature—nothing that still has bugs going into production. The ease of deployment, daily management, and user experience are all essential. If you've used any tools that fit these needs, I'd love to hear about your experience. Thanks in advance!

1 Answer

Answered By TechGuru88 On

If you're already using Office 365, you might already have a solution available that just needs to be activated for M365. It integrates smoothly with RDP, Citrix, and any VPN that supports SAML. Given that you have limited resources, this could be a good option since most of it is already set up for you. Just keep in mind that the offline AD login support might be something to reconsider. If someone has both an employee's laptop and their password, they essentially already have two factors of authentication covered.

NerdyNinja22 -

Absolutely! Pairing Windows Hello for Business with Entra Private Access could allow you to ditch the VPN. This way, your users won't even realize they are using MFA, as the process happens seamlessly behind the scenes. Just make sure all necessary resources are web-based, and consider the Entra ID App Proxy that comes with Entra Plan 1. It should integrate well with your current licensing.
