This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 67%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hello together,
we want to use microsoft nps server with azure mfa extension in future.
I got this working so far, but i have one question related to radius access-challenge messages.
If i authenticate via azure mfa extension and entered the first factor (username and password) i didn't receive any information what to do. For example a text mesage like this
"Please confirm multi factor authentication". Please notice: I receive the multi factor prompt, but i wish to inform the user, that the system is waiting for the second factor of authentification.
Is there any opportunity to send a Radius Access-Challenge Message with Attribute Type 18 (Reply-message)?
Is this anywhere working like explained?
Thanks for information
Regards
Alexander
Hi Alexander,
Just check this page and it has some steps KB44686 also follow this article and should help you in configuration of policies for Radius - howto-mfa-nps-extension
Hope this helps.
Please don't forget to upvote and Accept as answer if the reply is helpful
If this answer helped you please mark it as "Verified" so other users can reference it.
Hi Jimmy, thanks for your answer and the information.
I've got the basics already working.
For me there is just something missing; when authentication and the second factor is a push notification for ms authenticator.
When i configure token validation as second factor i got a prompt to enter it. When i configure the push notication i got no feedback, what to do (e.g. "confirm ms authenticator request").
Regards
Alexander
Hello @Alexander Bussohn ,
I would recommend checking what does NPS extension server log shows under path:
Applications and Services Logs > Microsoft > AzureMfa > AuthN > AuthZ
and based upon the error's please validate the following:
Thanks
Akshay Kaushik
Please "Accept the answer" and "Upvote" if the suggestion works as per your business need. This will help us and others in the community as well.
Hello Akshay,
thanks for your message.
The authentication itself works.
For me, there is missing some user interaction when using the Push Notification authentication.
If i am using Token based authentication the Radius server sends a radius-challenge message through the microsoft nps extension, and the user is requested to enter the code.
In my opinion this is missing, when using push notification
Regards
Alexander
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 47%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
I believe I have done all this and still don't get the MFA prompt???