nflnetwork29
Advisor

Connecting to remote access VPN, not getting prompted for 2FA

Hello, I have configured remote access VPN to work with Azure Active Directory.

When I connect my endpoint client I can successfully log in, but I'm not getting any 2FA prompting.

Does anyone know where I can look to verify my settings for this?

Would this be something on the Azure portal side?

Any suggestions?

 

Thanks,

0 Kudos
9 Replies
nflnetwork29
Advisor

We also just noticed during some initial testing that any subsequent VPN login attempts do not even ask for credentials of any sort. I have no idea how the endpoint client is even connecting. Something must be cached somewhere? It is now connecting without any credential input request.

0 Kudos
the_rock
Champion

If it's on the CP side, then it's in gateway properties, VPN -> Authentication.

Andy

0 Kudos
nflnetwork29
Advisor

I believe this to be an Azure issue. There is a property that gets set on the client workstation.

It can be verified by running dsregcmd /status on the workstation.

Under the single sign-on section there is the following property:

AzureAdPrt : YES

If this property is set to YES it will essentially bypass the conditional access policy / request for MFA.

My workstation:


+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : YES
AzureAdPrtUpdateTime : 2022-05-18 20:56:09.000 UTC
AzureAdPrtExpiryTime : 2022-06-02 00:59:03.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/4e3b121b-1d6b-491c-873e-95e5f3eec8e0
EnterprisePrt : NO
EnterprisePrtAuthority :
OnPremTgt : NO
CloudTgt : YES
KerbTopLevelNames : .windows.net,.windows.net:1433,.windows.net:3342

 

 

0 Kudos
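The check described in the post above, as an added example that is not part of the original thread: a PowerShell function that extracts the SSO State section from `dsregcmd /status` and reports whether a PRT is present and when it was issued and expires. The function name `Get-SsoState`, the sample text and the placeholder tenant ID are constructed for illustration.

```powershell
function Get-SsoState {
    param(
        # Raw output lines; when omitted, dsregcmd is run on the local workstation.
        [string[]]$Lines = (dsregcmd.exe /status)
    )
    $kv = @{}
    $inSso = $false
    foreach ($line in $Lines) {
        # Section titles look like "| SSO State |"; track whether we are inside it.
        if ($line -match '^\s*\|\s*(.+?)\s*\|\s*$') {
            $inSso = ($Matches[1] -eq 'SSO State')
            continue
        }
        # Keep "Key : Value" pairs; the value may be empty or contain ':' (URLs).
        if ($inSso -and $line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $kv[$Matches[1]] = $Matches[2]
        }
    }
    if ($kv.Count -eq 0) { throw 'No "SSO State" section found in the input.' }
    # Timestamps are printed as "yyyy-MM-dd HH:mm:ss.fff UTC".
    $toUtc = {
        param($text)
        if (-not $text) { return $null }
        [datetime]::ParseExact(($text -replace '\s*UTC$', ''), 'yyyy-MM-dd HH:mm:ss.fff',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal')
    }
    $expires = & $toUtc $kv['AzureAdPrtExpiryTime']
    [pscustomobject]@{
        AzureAdPrt   = $kv['AzureAdPrt'] -eq 'YES'
        PrtUpdated   = & $toUtc $kv['AzureAdPrtUpdateTime']
        PrtExpires   = $expires
        PrtExpired   = if ($expires) { $expires -lt [datetime]::UtcNow } else { $null }
        PrtAuthority = $kv['AzureAdPrtAuthority']
        CloudTgt     = $kv['CloudTgt'] -eq 'YES'
    }
}
# Constructed sample in the same layout as the output quoted above (placeholder tenant ID).
$sample = @'
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
AzureAdPrt : YES
AzureAdPrtUpdateTime : 2022-05-18 20:56:09.000 UTC
AzureAdPrtExpiryTime : 2022-06-02 00:59:03.000 UTC
AzureAdPrtAuthority : https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000
CloudTgt : YES
'@ -split '\r?\n'
Get-SsoState -Lines $sample | Format-List
```

Calling `Get-SsoState` without `-Lines` on a Windows workstation parses the live `dsregcmd /status` output instead of the sample.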
nflnetwork29
Advisor

Some images of the login process (attached).

As you can see, I never get prompted for MFA or credentials.

 

 

 

 

0 Kudos
the_rock
Champion

What identity provider are you using? I tested this before with a colleague and it worked fine. I still have it in my lab, I believe.

0 Kudos
nflnetwork29
Advisor

Azure

0 Kudos
the_rock
Champion

We were using another one (can't think of a name now), but never had this problem. Are there some settings in the Azure portal that might be missing? I find it odd that you don't even get a prompt. I got a feeling there is something simple being omitted here.

0 Kudos
nflnetwork29
Advisor

Will check with Microsoft support. Will report back what I find out.

 

the_rock
Champion

Please do, because more and more people use cloud stuff nowadays, so any solution shared is a big help.

 

Cheers.

0 Kudos