Reverse proxy, header injection and Conditional Access add MFA to an app with no native support. The application-side twin of our edge pattern.
Draft outline · Engineering craft lensPlenty of government line-of-business apps have no concept of MFA and no vendor path to it, yet they hold sensitive data and face credential-abuse pressure (Scattered Spider and commodity credential stuffing). You add the factor around the app, at the access layer, when you cannot add it inside.
Government advisory on why single-factor legacy apps are a favoured foothold.
Independent reporting on credential stuffing and account takeover against apps without MFA.
An engineering-craft twin to the Network Edge reverse-proxy dive: same pattern, application lens. It reinforces that we solve the app-you-cannot-change problem pragmatically and at fixed price, rather than insisting on a rebuild.