6/4/2023 0 Comments Azure mfaThis is poorly named (in my opinion), because it is referring to which users are enabled for per-user MFA. This will help us as well as others in the community who may be researching similar questions. First, head over to the Azure portal, open Azure Active Directory, and then click Multi Factor Authentication: MFA option Here, you can configure which users are enabled for MFA. If the information helped you, please Accept the answer. Let me know if this helps and if you have further questions. If you want to bypass MFA for non-admins and those users are using VPNs, then this change will happen in the NPS network policy settings and if this is a requirement for admins, then this will also be determined by the network policies in place within the NPS. ![]() It is not a cloud app but is an on-prem application that uses our APIs to use Azure MFA. There have been some feature requests raised to change this behavior, but this is how the NPS Extension is designed. ![]() Conditional Access policies trigger based on companies' setups and only then will the results of the 2FA from the NPS extension (if performed) be applicable.īecause of this, Conditional Access does not apply in a traditional way for connections made through NPS, as NPS extension just checks to make sure the user is registered for MFA and then sends the prompt. NPS is simply stating whether or not MFA was passed. Conditional Access policies will be triggered for authorization and if the user falls into a policy that requires MFA and has already logged into their vpn and performed MFA through the NPS extension, then MFA will be skipped in the Conditional Access policy and be marked as satisfied by the token (assuming MFA was passed). The purpose of the NPS extension is to give the NPS server the ability to perform 2FA. 0 comments MagicalLeaf commented 3 minutes ago Sign up for free to join this conversation on GitHub.22604 Open MagicalLeaf opened this issue 3 minutes ago GitHub New issue Unable to log in using MFA authentication. ![]() It doesn't check to see if you have a Conditional Access policy setup. Unable to log in using MFA authentication. ![]() All the NPS Extension does is look to make sure the User has strong Authentication methods configured (Registered) and prompt the user. Thanks for your post! The NPS Extension doesn't look at or interact with Conditional Access policies.
0 Comments
Leave a Reply. |