The Network Policy Server (NPS) extension for Microsoft Azure MFA adds cloud-based MFA capabilities to your authentication infrastructure using your existing servers. With the NPS extension, you can add MFA to on-prem applications & resources such as VPN.
The NPS extension acts as an adapter between RADIUS and cloud-based Microsoft Azure MFA to provide a second factor of authentication for federated or synced users.
The NPS Extension for Microsoft Azure MFA is available to customers with licenses for Microsoft Azure MFA (included with Microsoft Azure P1, P2 or Enterprise Mobility + Security). Consumption-based licenses for Microsoft Azure MFA, such as per user or per authentication licenses, aren't compatible with the NPS extension.
- Install NPS Extension
- Add a RADIUS client to NPS for the VPN server
- Configure NPS Network Policies for the VPN server
- Configure NPS Connection Request Policies for the VPN server
- Control RADIUS clients that require Azure MFA
- Control users that require Azure MFA
- Set users dial in permissions
- Set default sign-in method in Azure AD