Dynamics Community Forum Thread Details

Control RADIUS clients that DO NOT require MFA

Hi Everyone,

Hope everyone is well. There is a section "Control RADIUS clients that require MFA" on the bottom Microsoft URL which states that any RADIUS clients that are not enabled for MFA will have to be routed to a 2nd NPS server WITHOUT extension. I have indicated this extract in Italic and underlined as per below, however there is no guide from Microsoft on how to configure this 2nd NPS.

My issue: I have an existing NPS with extension which is working well for MFA required clients but I do not have a guide on how to go about configuring the 2^nd NPS without extension and integrate with the existing NPS for clients that do not require MFA.

Any help will be much appreciated.

EXTRACT FROM MICROSOFT URL:

"Once you enable MFA for a RADIUS client using the NPS extension, all authentications for this client are required to perform MFA. If you want to enable MFA for some RADIUS clients but not others, you can configure two NPS servers and install the extension on only one of them.

Configure RADIUS clients that you want to require MFA to send requests to the NPS server configured with the extension, and other RADIUS clients to the NPS server not configured with the extension."

https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

Thanks

Steven

Quick Links