NPS + Azure MFA with multiple AD domains

Allahshukur Ahmadzadeh 25 Reputation points
2024-01-15T19:17:43.4733333+00:00

Is it possible to configure the Azure MFA extension on an NPS server to work with multiple AD domains? Imagine an architecture where the NPS server is a Windows server on its own, and there are 3 AD servers which are independent from each other, each with its own Azure Entra ID setup. We want to use the Azure MFA extension on the NPS server and also make the NPS server connect to all 3 AD servers and authenticate against them. Is such an architecture possible? Are there any guides? If such an architecture is not possible, what are the limitations? What is the closest valid architecture?


1 answer

  1. Azar 29,520 Reputation points MVP Volunteer Moderator
    2024-01-15T19:45:14.0133333+00:00

    Hey buddy!
    Allahshukur Ahmadzadeh, I guess this is doable. First things first, make sure your AD domains are federated through Azure AD Connect. Once that's in place, install the Azure MFA extension on your NPS server. Here's a quick snippet to get you started:

    Install-Module -Name Az -AllowClobber -Force -Scope CurrentUser
    Install-Module -Name MSOnline
    Install-Module -Name MSOnlineExtended
    
    Import-Module Az
    Import-Module MSOnline
    Import-Module MSOnlineExtended
    
    # Connect to Azure AD
    Connect-AzAccount
    
    # Install the NPS Extension for Azure MFA
    Install-AdfsAzureMfaNpsExtension -PackageFileFullPath "C:\Path\To\MfaNpsExtn.msixbundle"
    
    # Register the NPS extension with Azure AD
    Register-NpsAzureMfaNpsExtension -ServiceAccountCredentialPath "C:\Path\To\ServiceAccountCredential.xml"
    

    Next, configure your NPS server to handle authentication requests for users from multiple AD domains. Best of luck with your MFA setup.
    If this helps, kindly accept the answer. Thanks much.
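
A read-only check to run on the NPS server before attempting the multi-domain setup discussed above, shown as an added example that is not part of the thread or Microsoft's own code: it reports which tenant ID the installed extension is registered against, whether its client certificate matches that tenant and is still valid, and which forests are listed for lookup. The function name `Get-NpsMfaBinding` is hypothetical; the registry path, the `TENANT_ID` and `LDAP_LOOKUP_FORESTS` values and the certificate's `OU=Microsoft NPS Extension` subject follow Microsoft's NPS extension documentation and are assumptions here, since the thread does not mention them.

```powershell
# Added example: read-only audit of an installed NPS extension for Azure MFA.
# Assumptions (not from the thread): settings live under HKLM:\SOFTWARE\Microsoft\AzureMfa,
# and the client certificate sits in LocalMachine\My with OU=Microsoft NPS Extension.
function Get-NpsMfaBinding {
    [CmdletBinding()]
    param(
        [string]$RegistryPath = 'HKLM:\SOFTWARE\Microsoft\AzureMfa',
        [string]$CertStore    = 'Cert:\LocalMachine\My'
    )

    if (-not (Test-Path -Path $RegistryPath)) {
        throw "NPS extension settings not found at $RegistryPath (extension not installed?)"
    }
    $cfg      = Get-ItemProperty -Path $RegistryPath
    $tenantId = $cfg.TENANT_ID   # the one tenant this extension instance is registered with

    # Optional value: semicolon-separated forests searched for the alternate login ID.
    $forests = @()
    if ($cfg.PSObject.Properties.Name -contains 'LDAP_LOOKUP_FORESTS') {
        $forests = @($cfg.LDAP_LOOKUP_FORESTS -split ';' | Where-Object { $_ })
    }

    # Client certificates created for the extension; flag expiry and tenant mismatch.
    $certReport = Get-ChildItem -Path $CertStore |
        Where-Object { $_.Subject -like '*OU=Microsoft NPS Extension*' } |
        ForEach-Object {
            [pscustomobject]@{
                Thumbprint    = $_.Thumbprint
                Subject       = $_.Subject
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt (Get-Date)
                MatchesTenant = [bool]$tenantId -and ($_.Subject -like "*CN=$tenantId*")
            }
        }

    [pscustomobject]@{
        TenantId      = $tenantId
        LookupForests = $forests
        Certificates  = @($certReport)
    }
}

# Run in an elevated session on the NPS server; nothing is modified.
$binding = Get-NpsMfaBinding
$binding | Format-List TenantId, LookupForests
$binding.Certificates | Format-Table Thumbprint, NotAfter, Expired, MatchesTenant
```

Comparing the reported `TenantId` with the tenant each AD domain syncs to shows which users this NPS server's extension can actually challenge for MFA.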

