Q. What is Azure Multi-factor Authentication Server?
A. Azure Multi-factor Authentication Server is an on-premises deployment that integrates with the Azure cloud-based multi-factor authentication services. This enables MFA to be extended beyond Azure AD and used for on-premises Active Directory and through ADFS authentications. The on-premises MFA server communicates to Azure services using port 443 only. Once deployed users are imported to the MFA server from AD and enabled for MFA. The MFA is then leveraged when consuming services such as IIS applications and VPN/Remote Desktop Gateway using AD credentials. Details on the deployment of MFA server can be found at https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-server/.
Note that if your users are all in Azure AD then you do not need MFA server and can simply enable MFA in Azure AD. Additionally if using federation you can still use Azure AD MFA to perform the second factor of authentication while the primary occurs against on-premises AD.
