Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft MFA vs. Duo

From: "Kurtz, Eric" <kurtz () SUSQU EDU>
Date: Wed, 12 Oct 2016 18:52:55 +0000
Chris,
We are starting to look at this too (being an O365/AD prem user).   I like that the Microsoft MFA will do conditional 
MFA based on analytics of login locations and not just force MFA to all clients for O365 logins. I think you need the 
EMS license to do this though. And they now have the MFA server so you can integrate with other apps like radius.  I'd 
be interested to hear about your comparison and implementation.

Eric Kurtz
Senior Systems Engineer
Office of Information Technology
Susquehanna University
514 University Avenue
Selinsgrove, PA 17870-1164
kurtz () susqu edu<mailto:kurtz () susqu edu>


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gregg, 
Christopher S.
Sent: Wednesday, October 12, 2016 1:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Microsoft MFA vs. Duo

It looks like there has been a fair amount of discussion around Duo and rolling out MFA, usually Duo on the list.

Has anyone here run a recent comparison between using the Microsoft multifactor authentication solution vs. Duo?

Duo appears to be incredibly popular in the higher ed space, and I have heard nothing but good things about it.

We're an Office365 shop, and we already have Azure AD Premium licenses for the self-service password reset 
functionality.  Our initial pilot of the Microsoft MFA solution with the Microsoft Authenticator mobile app is working 
really slick.  I am in the process of talking with Duo reps this week, but I am curious from others who may have done a 
comparison and/or who have implemented Microsoft MFA as their solution.

I am suspecting that the heavy leaning to Duo in the higher ed space is the price combined with the functionality.  The 
functionality comparison is looking pretty close to me at this point, so maybe we are unique in already having the AADP 
licensing that covers Microsoft MFA which changes the cost equation for us.  Or maybe we're missing something big that 
separates the two from a functionality point of view?

Feel free to respond to the group or out of band, and I'd be happy share more about what we end up deciding and how it 
goes.

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu>





[http://static.stthomas.edu/email/disclaimer-logo.png]<http://www.stthomas.edu/e>
Previous By Date Next
Previous By Thread Next

Current thread: