There is an NPS extension for Azure AD, you must install it on a domain joined server and the server must have access to a few Microsoft endpoints, but those are the only requirements.
Some references for you:
- RADIUS authentication with Azure AD
- VPN reference setup guide with RADIUS and Azure AD MFA
One thing to note: Microsoft recommend you upgrade your VPN’s to SAML and directly federate your VPN with Azure AD. This gives your VPN the full breadth of Azure AD protection, including Conditional Access, Multi-Factor Authentication, device compliance, and Identity Protection..