9,350 questions
RRAS VPN with Microsoft Entra MFA reauthentication time limit
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 87%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
Krystian Blaszkowicz
20
Reputation points
Hello,
We have an on-premise RRAS hosting an SSTP VPN, we have also set this up with RADIUS to a NPS server with Entra MFA configured. This solution works fine on a good internet connection, users are prompted and stay connected, but not all users have reliable connections, especially those travelling or working far abroad, this means every time the connection drops, they have to authenticate all over again, for something this has been as frequent as every couple minutes. Is there a way to have MFA not be asked every time upon connecting? I have looked through Entra conditional access it seems there is no clear answer in either the portal or documentation.
The 90 day MFA reauthentication for things like browser logins works fine, and we have no issue with that, the issue is specific to the MFA authentication over the NPS server having no reauthentication time.
Microsoft Security | Microsoft Authenticator
Sign in to answer