By default, the Rublon MFA for Outlook Web App (OWA) and Exchange Control Panel (ECP) connector enables multi-factor authentication (MFA) for both OWA and ECP. However, you can make a simple change in the web.config file to enable MFA for OWA only or for ECP only.
How to enable MFA for ECP but not for OWA
1. Open the IIS Server Manager.
2. Select Sites → owa.
3. Right-click and select Explore.
4. Open the web.config file.
5. Find the OWA module line and comment it out using XML comment markers, like this:
<!-- START OF DISABLE MFA FOR OWA
<add name="RublonOWAModule" type="Rublon.OWA.OWAModule, RublonOWAModule, Version=1.1.2.0, Culture=neutral, PublicKeyToken=be7e75eeb046f1eb" preCondition="" />
END OF DISABLE MFA FOR OWA -->
6. Save the file. The connector will now only challenge users for MFA when they sign in to ECP, but not when they sign in to OWA.
How to enable MFA for OWA but not for ECP
1. Open the IIS Server Manager.
2. Select Sites → ecp.
3. Right-click and select Explore.
4. Open the web.config file.
5. Find the ECP module line and comment it out using XML comment markers, like this:
<!-- START OF DISABLE MFA FOR ECP
<add name="RublonOWAModule" type="Rublon.OWA.ECPModule, RublonOWAModule, Version=1.1.2.0, Culture=neutral, PublicKeyToken=be7e75eeb046f1eb" preCondition="" />
END OF DISABLE MFA FOR ECP -->
6. Save the file. The connector will now only challenge users for MFA when they sign in to OWA, but not when they sign in to ECP.
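To confirm the result of either procedure, the following PowerShell check parses a web.config file and reports whether the Rublon module entry is active or commented out. It is an added example, not part of the Rublon documentation or product. The function name and the wrapper elements of the sample file are assumptions; the module line is the one shown in the steps above.

```powershell
# Added example (not Rublon's code). Reports whether the Rublon module entry in a
# web.config is active or has been commented out as described in the steps above.
function Get-RublonModuleState {
    param([Parameter(Mandatory)] [string] $WebConfigPath)

    $full = (Resolve-Path -LiteralPath $WebConfigPath).Path
    $xml  = New-Object System.Xml.XmlDocument
    $xml.Load($full)

    # Active entries are real <add> elements; a commented-out entry is only a comment node.
    $active    = $xml.SelectNodes("//*[local-name()='add' and starts-with(@type, 'Rublon.OWA.')]")
    $commented = $xml.SelectNodes("//comment()[contains(., 'Rublon.OWA.')]")

    [pscustomobject]@{
        Path             = $full
        ActiveModules    = @($active | ForEach-Object { ($_.GetAttribute('type') -split ',')[0] })
        CommentedEntries = $commented.Count
        ModuleActive     = ($active.Count -gt 0)
    }
}

# Constructed sample: a minimal file shaped like the owa web.config after step 5.
# The surrounding <configuration>/<system.webServer>/<modules> elements are assumed.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'rublon-sample-web.config'
@'
<configuration>
  <system.webServer>
    <modules>
<!-- START OF DISABLE MFA FOR OWA
<add name="RublonOWAModule" type="Rublon.OWA.OWAModule, RublonOWAModule, Version=1.1.2.0, Culture=neutral, PublicKeyToken=be7e75eeb046f1eb" preCondition="" />
END OF DISABLE MFA FOR OWA -->
    </modules>
  </system.webServer>
</configuration>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Get-RublonModuleState -WebConfigPath $sample
Remove-Item -LiteralPath $sample
```

Run the function against the web.config in the folder that Explore opens for owa and for ecp; after the edit, only the application you intended to exempt should report ModuleActive as False.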
Enable MFA for OWA or ECP Using Registry Values (Coming Soon)
We are working on a feature that will allow you to enable and disable MFA for OWA and ECP using Registry values available at HKEY_LOCAL_MACHINE\SOFTWARE\Rublon\OWA. In the interim, please follow the preceding instructions for editing the web.config file.
Helpful Links
Rublon MFA for Outlook Web App (OWA) and Exchange Control Panel (ECP)