Educause Security Discussion mailing list archives

Re: Microsoft MFA and Authentication FOBs


From: Andreas Paulisch <apaulisch () BROCKU CA>
Date: Mon, 13 Aug 2018 14:54:06 +0000

We are using Microsoft MFA. The preferred method is a smart phone. For folks who don't have one, or refuse to play 
nice, we used OATH tokens for some applications.
OATH tokens can't be used for all our MFA setups. For example, we use MFA to secure RD Gateway connections. MFA wedges 
itself into the RADIUS authentication stream between the RD Gateway and the RADIUS server. Long story short, cell 
phones work great, because the phone itself is the user interface. OATH tokens don't work, because there is no place in 
the entire process for users to enter their PIN from the token, so OATH tokens can't participate. You could fall back 
on the "phone call to a registered number" method, but we didn't like that. It just wasn't a flexible enough solution. 
We made cell phones mandatory.

Any application that used ADFS and MFA works great.


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Monday, August 13, 2018 10:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Microsoft MFA and Authentication FOBs

Greetings,

Curious if anyone out there is using Microsoft MFA and what they use for folks that don't have or want to use a 
smartphone.  Is there additional software or a way to integrate OATH based tokens?

Thanks,

James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

*: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/

