I would like to share with you how I managed to get VPN users to use Microsoft Azure Multi-Factor Authentication.
I saw in some posts that this was possible by using MFA Server, but Microsoft stopped offering MFA Server on July 1, 2019.
What I needed to do:
1 - Office 365 users with MFA enabled.
2 - Dedicated NPS Server.
All Radius requests made to this server will have MFA directed to Microsoft.
3 - NPS extension for Azure MFA
This extension will direct your MFA requests to Microsoft.
You can find the installation and download instructions at the link below.
The user can define which method will be used in the Microsoft portal.
I tested the methods below on VPN Clients, Mobile Access and Capsule Workspace and they all worked perfectly.
- Notification through mobile app
- Verification code from mobile app
- Text message to phone
I hope this post helps you