How to Control RADIUS clients that DO NOT require MFA

Steven Lum 15 Reputation points
2023-02-10T07:05:01.9933333+00:00

Hi Everyone,

Hope everyone is well. There is a section "Control RADIUS clients that require MFA" on the bottom Microsoft URL which states that any RADIUS clients that are not enabled for MFA will have to be routed to a 2nd NPS server WITHOUT extension. I have indicated this extract in italics and underlined as per below; however, there is no guide from Microsoft on how to configure this 2nd NPS.

My issue: I have an existing NPS with extension which is working well for MFA required clients but I do not have a guide on how to go about configuring the 2nd NPS without extension and integrate with the existing NPS for clients that do not require MFA.

Any help will be much appreciated.

EXTRACT FROM MICROSOFT URL:

"Once you enable MFA for a RADIUS client using the NPS extension, all authentications for this client are required to perform MFA. If you want to enable MFA for some RADIUS clients but not others, you can configure two NPS servers and install the extension on only one of them.

Configure RADIUS clients that you want to require MFA to send requests to the NPS server configured with the extension, and other RADIUS clients to the NPS server not configured with the extension."

URL:

https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

Thanks

Steven
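
The two-server split described in the quoted extract only enforces MFA if each RADIUS client is registered on the right server. The following is an added example, not part of the original post or of Microsoft's documentation, that audits the split. The function name `Test-NpsClientSplit`, the client names and the addresses are hypothetical, and the sample data is constructed.

```powershell
# Constructed sample data. On live servers, collect the same shape with:
#   Invoke-Command -ComputerName <server> { Get-NpsRadiusClient } | Select-Object Name, Address
$extClients = @(    # clients registered on the NPS server WITH the extension
    [pscustomobject]@{ Name = 'vpn-gw';   Address = '10.0.1.10' }
    [pscustomobject]@{ Name = 'rd-gw';    Address = '10.0.1.20' }
)
$plainClients = @(  # clients registered on the NPS server WITHOUT the extension
    [pscustomobject]@{ Name = 'wifi-ctl'; Address = '10.0.2.10' }
    [pscustomobject]@{ Name = 'vpn-gw';   Address = '10.0.1.10' }  # constructed misconfiguration
)
$mfaRequired = @('10.0.1.10', '10.0.1.20', '10.0.1.30')  # clients that must perform MFA

function Test-NpsClientSplit {
    param(
        [object[]]$ExtensionServerClients,
        [object[]]$PlainServerClients,
        [string[]]$MfaRequiredAddresses
    )
    # Exact string comparison: an NPS client defined as a range or DNS name
    # has to be listed in the same form in $MfaRequiredAddresses.
    $extAddr   = @($ExtensionServerClients | ForEach-Object Address)
    $plainAddr = @($PlainServerClients | ForEach-Object Address)

    foreach ($addr in $MfaRequiredAddresses) {
        if ($plainAddr -contains $addr) {
            # This client can authenticate without MFA by using the second server.
            [pscustomobject]@{ Address = $addr; Finding = 'MFA-required client accepted by server without extension' }
        }
        if ($extAddr -notcontains $addr) {
            [pscustomobject]@{ Address = $addr; Finding = 'MFA-required client not registered on extension server' }
        }
    }
    foreach ($addr in $extAddr) {
        if ($MfaRequiredAddresses -notcontains $addr) {
            # Every request from this client will be forced through MFA.
            [pscustomobject]@{ Address = $addr; Finding = 'Client on extension server is not in the MFA-required list' }
        }
    }
}

Test-NpsClientSplit -ExtensionServerClients $extClients `
                    -PlainServerClients $plainClients `
                    -MfaRequiredAddresses $mfaRequired | Format-Table -AutoSize
```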
