So, Azure MFA Extension for NPS was setup RDS and it was working till last week.
Issue:
Allow of sudden the MFA notification stopped. User no longer get notification on their mobile, text or a call when they try to sign into any server through RDS (Outside the network)
Diagnosis :
- When we tried the office 365 portal, it worked just fine. Users got their notification on to their device and allowed to access the portal.
- In the logs, we see lot of
- Source: Microsoft-AzureMfa-AuthZ
- Event ID: 4
- Description:
- NPS Extension for Azure MFA: Radius request is missing NAS Identifier and Nas IpAddress attribute.Populating atleast one of these fields is recommended
- Authentication with Azure MFA
- Source: Microsoft-AzureMfa-AuthZ
- Event ID: 2
- Computer: PCC-EUN-DC-02.tpcc.prostate-cancer.org.uk
- Description:
- NPS Extension for Azure MFA: Unknown exception
So, at this point I don’t know what was wrong, as it was working without any issues. No changes made recently
After having to go through the following article
https://docs.microsoft.com/en-us/azure/multi-factor-authentication/nps-extension-vpn
https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension
The line which struck me is the following.
The NPS Extension for Azure MFA is available to customers with licenses for Azure Multi-Factor Authentication (included with Azure AD Premium, EMS, or an MFA stand-alone license). Consumption-based licenses for Azure MFA such as per user or per authentication licenses are not compatible with the NPS extension.
For testing, i assigned a MFA Standalone license for a user – It worked.
But still i was confused why it was working all this while? After speaking to MS, the preview version was active and MS their functionality for 30 more days so the client can choose a plan. (Client claimed that they never received any communication)
Hope this helps.
VJ
One thought on “AzuMFA Extension for NPS – Stopped working”