NPS with Azure MFA not working with A5 license

Jason 1 Reputation point
2021-02-12T17:12:57.267+00:00

Working on setting up the Azure MFA with NPS and get the following error:

NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User username with response state AccessReject, ignoring request.

And, when we run the troubleshooting script, MFA_ NPS_Troubleshooter.ps1, we get the following failure:

Check if you have a valid MFA License for Azure MFA NPS: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension#licenses

However, our users have A5 licenses, and we have AAD P1 and P2 licensing.

What are we missing?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,497 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,946 Reputation points Microsoft Employee
    2021-02-12T21:44:19.87+00:00

    The A5 license includes the Premium P1 so as long as you have the right number of licenses assigned to the users (at least one license for every user) then you should be fine.

    The first error is usually related to a firewall or connection issue. From the Troubleshooting guide:

    This error usually reflects an authentication failure in AD or that the NPS server is unable to receive responses from Azure AD. Verify that your firewalls are open bidirectionally for traffic to and from https://adnotifications.windowsazure.com and https://login.microsoftonline.com using ports 80 and 443. It is also important to check that on the DIAL-IN tab of Network Access Permissions, the setting is set to "control access through NPS Network Policy". This error can also trigger if the user is not assigned a license.

    If there was a bug with the licenses themselves not working then I think we would have a lot more users reporting this so I suspect that there may be a configuration missing.

    0 comments No comments

  2. Jason 1 Reputation point
    2021-02-12T21:54:41.31+00:00

    Right, I'm aware of what the troubleshooting guide says and have checked all that... I don't know what to do now. Thanks.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.