Aπό τον @lucianfargo έρχονται οι δύο πάρακάτω πολύ χρήσιμοι συγκριτικοί πίνακες, οι οποίοι συγκεντρώνουν πληροφορίες από τη τεκμηρίωση του Azure και του Office 365 και μας επιτρέπουν να επιλέξουμε την καταλληλότερη τεχνολογία Multi Factor Authentication για το σκοπό που τη χρειαζόμαστε.
Option |
Azure MFA Cloud |
Azure MFA Server |
AD FS MFA |
First party Microsoft Apps compatibility |
|||
|
YES |
YES |
YES |
|
YES |
YES |
YES |
Cloud SaaS apps, via the Azure app gallery / Access Panel |
YES |
Limited |
NO |
IIS applications published through Azure AD App Proxy / Access Panel |
YES |
YES |
YES |
IIS applications not published through Azure AD App Proxy / Access Panel |
NO |
YES |
YES |
Radius integration |
NO |
YES |
NO |
Remote access integration – RDS through AD FS |
NO |
YES |
YES |
Remote access integration – Citrix Web Interface through Netscaler |
NO |
YES |
YES |
Remote access integration – VPN through RADIUS connectivity |
NO |
YES |
NO |
Admin control over authentication methods |
YES |
YES |
YES |
Conditional access – internal, external |
YES |
YES |
YES |
Conditional access – per application |
YES |
Limited |
Limited |
Hardware Tokens and software tokens |
NO |
YES |
YES |
Azure Authenticator App |
YES |
YES |
NO |
Mobile app notification |
YES |
YES |
NO |
Mobile app verification code |
YES |
YES |
NO |
Phone call as second factor – phone called made, pick up only |
YES |
YES |
NO |
One-way SMS as second factor – code sent, enter in site |
YES |
YES |
NO |
Two-way SMS as second factor – reply to SMS with code |
NO |
YES |
NO |
PIN mode – setup a custom PIN and enter for authentication |
NO |
YES |
NO |
Fraud alerting |
YES |
YES |
NO |
MFA service reporting |
YES |
YES |
NO |
One-Time Bypass |
NO |
YES |
NO |
Custom greetings for phone calls |
YES |
YES |
NO |
Customizable caller ID for phone calls |
YES |
YES |
NO |
Contextual IP Address Whitelisting / Trusted IPs |
YES |
YES |
NO |
Integration with third party apps, e.g. Citrix, RADIUS |
NO |
YES |
NO |
App passwords for clients that don’t support MFA |
YES |
NO |
NO |
Cache / Remember MFA for trusted devices (for set number of days) |
YES |
YES |
NO |
High availability and resiliency |
YES |
YES |
YES |
Αλλά εκτός από τα χαρακτηριστικά των διαθέσιμων αυτών τεχνολογιών, πολύ σημαντική είναι και η συμβατότητα τους με τους διάφορους clients. Στον επόμενο πίνακα λοιπόν μπορούμε να εύκολα να δούμε τη συμβατότητα με μια σειρά από clients (μέχρι τις 03-06-2016).
Client compatibility |
Azure MFA Cloud |
Azure MFA Server |
AD FS MFA |
Web browser: IE, Chrome, Firefox |
YES |
YES |
YES |
Microsoft Office 2013, including Skype for Business |
YES |
YES |
YES |
Microsoft Office 2016, including Skype for Business |
YES |
YES |
YES |
Office 2016 for Mac |
YES |
YES |
YES |
Office for Windows Phone |
NO |
NO |
NO |
iOS native mail, calendar, contacts apps |
NO |
NO |
NO |
Android native mail, calendar, contacts apps |
NO |
NO |
NO |
iOS: Word, Excel, PowerPoint (only) |
YES |
YES |
YES |
Android mobile: Word, Excel, PowerPoint (only) |
YES |
YES |
YES |
Android tablet: Word, Excel, PowerPoint (only) |
NO |
NO |
NO |
iOS Skype for Business |
YES |
YES |
YES |
Windows Phone Skype for Business |
NO |
NO |
NO |
Android Skype for Business *when not using Hybrid S4B |
Limited |
Limited |
Limited |
iOS Outlook Mobile app |
YES |
YES |
YES |
Android Outlook Mobile app |
YES |
YES |
YES |
Windows Phone Outlook Mobile app |
NO |
NO |
NO |
Add Comment