Azure MFA with RDS using NPS Extension does not bypass trusted location/IP's

adamweldon 1 Reputation point
2020-10-05T10:03:25.137+00:00

Hello,

We have several RDS farms set up and they are using Azure MFA with the NPS Extension.

However, we have never been able to get trusted locations/IPs to work.

  1. We have put the local IPs of the on-prem environment into the whitelist on the NPS side (Reg key), still no success.
  2. We have put the external locations' IP addresses into the Trusted Locations, still no success.

No matter how we've configured it, it seems that when using RDS with Azure MFA through the NPS extension, you cannot use any trusted locations to bypass the MFA requirement. Users always get prompted to pass MFA, even inside the trusted locations (i.e. their office).

We consulted with MS Support about a year ago on the issue and it was classified as a known issue.

Has this progressed, is this still a known problem?

Thank you

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2020-10-05T23:05:35.387+00:00

    Hi @adamweldon ,

    Yes, this is still a known issue. There is an open feature request for it here which you can vote on and comment on. I'll also add a request internally to bubble this up to the product team.
