Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee
Employee

White Paper - RAS VPN with Azure and Microsoft Authenticator MFA

This is guide will describe the full setup configuration of a Azure MFA using the Microsoft Authenticator App in combination with an Active Directory on-premises synced with Azure Active Directory.

The scope is based on VPN remote access on premises that will be moved to Azure Cloud IaaS. The authentication is Active directory credentials in combination with Azure MFA.

 

For the full list of White Papers, go here

10 Replies
Highlighted
Contributor

After reading the paper, I think this works with local AD too, without Cloudguard or Azure AD? As it happens, I have a need to combine RADIUS MFA with Identity awareness. Currently we are using RADIUS MFA but the identities won't match AD users even though the used email addresses are the same as in AD accounts. 

0 Kudos
Reply
Highlighted
Contributor

Hi Sami,

Did you ever managed to apply this solution with on-premis AD and without Cloudguard?

0 Kudos
Reply
Highlighted
Contributor

We actually have the older MS MFA component which can no longer be downloaded. The new one uses explicitly the Azure AD sync.

It works with the old one, which syncs user information locally to our on-prem MFA/NPS/Radius server - which in turn talks to Azure to send the authentication verification request to user. 

0 Kudos
Reply
Highlighted
Contributor

and do you use Cloudgard or regular on-premise VPN?

 

0 Kudos
Reply
Highlighted
Contributor

Just regular on-premise vpn from Check Point gw's. I would assume it works with on-prem vpn with newer Azure MFA + AD sync to Azure, without Cloudguard still. 

Highlighted
Employee
Employee

It should wokr on both as long the initial Radius request is send to the NPS server

0 Kudos
Reply
Highlighted
Employee
Employee

sorry for the delay response, no i didn't apply this on premises. 

0 Kudos
Reply
Highlighted

Hello, does this guide also works on Mobile Access VPN? The Portal-based one?
0 Kudos
Reply
Highlighted
Employee
Employee

Hi Paul,

I didn't set it up for mobile Acces, but it should work as the procedure is the same.
0 Kudos
Reply
Highlighted

Thanks a lot!
0 Kudos
Reply