OWA and Exchange On-Prem (Hybrid)

JOLSW

I am having trouble getting solid answers for an Authpoint deployment.
The scenario, I have Hybrid Exch 2019 with most all mailboxes on-premise.
Wanted to look at Authpoint solution, however how do we cover exchange services on-prem. I was told we needed ADFS, but does this actually help us, if so how?

I believe I can use access portal, would ADFS negate the need to use access portal?

If access portal is used, what happens with activesync connections and Outlook Anywhere connections, I assume these are proxied also as all use port 443? In practice how does this work with the Access portal, how many times and when would MFA authentication be required? A mobile device for example, only one MFA when you initially set it up? I can see how it would work for OWA, but unsure for other services on the same port.
I know this puts some overhead also on the Watchguard so what happens if you have 100 activesync users, what effect would this have on an M370?

Thanks in advance

james.carson

Hi @JOLSW
If you want to use access portal, that can take place of using ADFS. ADFS is the only way to bolt 2FA onto on prem exchange without putting a thing like access portal in front of it.

If Access Portal is used, those connections would be proxied but the user must authenticate for that to work.

100 users heavily using it vs 100 users with phones that are just polling for new messages would have drastically different loads -- it depends on how much it's being used. If you would like a trial for access portal - our team would be happy to help get you a temp key so you can check performance before you commit to that sort of thing.