Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016.
You have a single on-premises location that uses an address space of 172.16.0.0/16.
You need to implement two-factor authentication for users who establish VPN connections to Server1.
What should you include in the implementation?
A. B. C. D.
Correct answer: B
You need to download, install and configure the MFA Server.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
The correct answer for this question is option B - Install and configure Azure MFA Server on-premises.
Explanation: To implement two-factor authentication for users who establish VPN connections to Server1, we need to use Multi-Factor Authentication (MFA). MFA is a security mechanism that requires users to provide two or more authentication factors to verify their identity.
Option A - In Azure AD, create a conditional access policy and a trusted named location: This option is incorrect as creating a conditional access policy and a trusted named location will not help us implement two-factor authentication for VPN connections. These options are used to manage access to cloud-based applications.
Option C - Configure an Active Directory Federation Services (AD FS) server on-premises: This option is incorrect as AD FS is used for federating identity between the on-premises Active Directory and Azure AD. It is not used for implementing two-factor authentication for VPN connections.
Option D - In Azure AD, configure the authentication methods. From the multi-factor authentication (MFA) service settings, create a trusted IP range: This option is partially correct as we need to configure the authentication methods in Azure AD for MFA. However, creating a trusted IP range is not sufficient for implementing two-factor authentication for VPN connections.
Option B - Install and configure Azure MFA Server on-premises: This option is the correct answer as we need to install and configure Azure MFA Server on-premises to implement two-factor authentication for VPN connections. Azure MFA Server is an on-premises solution that integrates with VPN servers to provide MFA for remote access. With Azure MFA Server, we can configure MFA for VPN connections using a variety of authentication methods, including phone call, text message, mobile app notification, and one-time password.
In summary, to implement two-factor authentication for users who establish VPN connections to Server1, we need to install and configure Azure MFA Server on-premises.