Upgrading the on premise version of Azure Multi-Factor Authentication Server

Today I got stuck for a while on an issue. There didn’t seem to be much documentation covering it, so I thought it was worth posting about. I was tasked with upgrading an on premise installation of the Azure Multi-Factor Authentication Server from 7.3 to the latest version. It was configured as a pair of MFA servers on the main corporate network and a pair of servers in the DMZ hosting the Mobile App Web Service component, with a NetScaler being used to load balance/HA the two pairs of servers.

The upgrade of the main MFA servers went relatively smoothly, except for me missing the requirement for .NET 4.6.2, which was swiftly rectified. When it came time to upgrade the Mobile App Web Service component, things ground to a halt. I was expecting to find the required installation file at C:\Program Files\Multi-Factor Authentication Server\ of the newly upgraded MFA servers. MultiFactorAuthenticationAdfsAdapterSetup64.msi was there and MultiFactorAuthenticationUserPortalSetup64.msi was there, but I was looking for MultiFactorAuthenticationMobileAppWebServiceSetup64.msi and it was nowhere to be found!

The instructions for the upgrade of the Mobile App Web Service component (shown below in their entirety) provided on the docs.microsoft.com site were a little cryptic but made sense (kind of) once I knew what was going on.

After much searching and gnashing of teeth, I discovered that the Mobile App Web Service component has been deprecated in 8.x and its functionality is now provided through Azure. When you go to enroll a mobile device in the MFA application, the enrollment URL provided is that of an Azure-hosted endpoint that the MFA server interacts with directly.

It was a little frustrating; however, at the end of the day I was able to decommission 2 servers, free up a public IP address, and no longer need to renew a publicly signed SSL cert.




