This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 31%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
How can Citrix Virtual Apps and Desktop be integrated with M365 MFA services or Entra ID? Our customer is currently using Citrix Virtual Apps and Desktop On Prem with an on-prem AD server, and they would like to use M365 MFA services. They do not currently have any services in M365. Can someone provide assistance with this integration?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @milo last
Thank you for reaching out to the Microsoft Q&A platform. Happy to answer your question.
To integrate Citrix Virtual Apps and Desktop with M365 MFA services, you can use Microsoft Entra ID as the identity provider.
This requires setting up Entra Connect sync or Microsoft Cloud sync to synchronize your on-premises AD with Entra ID. Once you have set up Entra Connect, you can enable MFA for your users in Entra ID.
Since your customer is using an on-premises AD server, they will need to synchronize their on-premises directory with Entra ID. This can be done using Entra Connect sync or Cloud sync, which will enable them to manage user identities and credentials in the cloud. Azure AD will be the backbone for implementing MFA services.
Once your directory is synchronized to Entra ID you can set up MFA in Entra ID. with the Entra ID you can create conditional access policies that define the conditions under which users can access corporate resources. These policies can enforce MFA under certain conditions, such as when users are accessing resources from outside the corporate network.
Reference: https://video2.skills-academy.com/en-us/entra/identity/authentication/concept-mfa-howitworks
https://video2.skills-academy.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa
https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-mfa-multi-factor-authentication
Hope this helps. Do let us know if you any further queries.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.