NPS extension with Azure MFA

Sam Cook 41 Reputation points
2020-05-27T15:18:16.54+00:00

Hi there,
It's been a few days since I've been scratching my head with this issue and I'm wondering if someone can help.
My NPS server does not seem to be forwarding the AUTH request to Azure for MFA; local authentication works fine.
I have configured everything as per the guide below...
https://techcommunity.microsoft.com/t5/microsoft-identity-manager/step-by-step-protecting-rd-gateway-with-azure-mfa-and-nps/m-p/1217077#
and Event Viewer on NPS shows the message below and discards the auth request..
NPS Extension for Azure MFA: CID: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx : Request Discard for user user@keyman .com with Azure MFA response: UserNotFound and message: The specified user was not found.,,,xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx.

I'm wondering if anyone has come across this issue and knows how to fix it?
Thank you all in advance.

Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-05-27T17:15:11.227+00:00

    @Sam Cook, to check the SAMAccountName on Azure, you can log in to https://developer.microsoft.com/en-us/graph/graph-explorer# with the same user by clicking on the "Sign in using Microsoft" button on the left and make a GET call: https://graph.microsoft.com/beta/me/. In the response, look for the value of the onPremisesSamAccountName attribute.

    If you are logging in to the RDP session using a UPN, can you confirm whether you are syncing the on-prem UPN as the cloud UPN or syncing email as the UPN? If you are syncing email as the UPN, you would need to configure Alternate Login ID.

    1 person found this answer helpful.

1 additional answer

  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-05-27T16:23:08.133+00:00

    @Sam Cook
    Have you synced the user to Azure AD? If you are using domain\username to connect via RDP, can you check whether the OnpremiseSamAccountName attribute in the Azure AD user properties contains the SAMAccountName of the on-prem user?
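
The two answers above both come down to one check: does the identity the NPS server resolves on-premises (sAMAccountName or UPN) line up with what Entra ID holds for the synced object (onPremisesSamAccountName, userPrincipalName)? The script below is an added example, not code from the question, the answers or Microsoft; it automates that comparison from an admin workstation. It assumes the ActiveDirectory and Microsoft.Graph PowerShell modules are installed, that the signing-in admin can consent to the read-only User.Read.All scope, and that the account name passed in is a placeholder for a real user. Everything it does is read-only; it reports a diagnosis rather than changing anything.

```powershell
# Added example: trace an NPS-extension "UserNotFound" to a sync or UPN mismatch
# by comparing on-prem AD with the synced Entra ID (Azure AD) object.
# Assumes: ActiveDirectory + Microsoft.Graph.Users modules, User.Read.All consent.
param(
    [Parameter(Mandatory)] [string]$SamAccountName,   # the part after domain\ that users type (placeholder)
    [string]$TenantId                                  # optional: pin the tenant you expect the user in
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

# 1. What on-prem AD knows about the account the NPS server will look up.
$adUser = Get-ADUser -Identity $SamAccountName -Properties mail, userPrincipalName
if (-not $adUser) { throw "On-prem user '$SamAccountName' not found in AD." }

# 2. Read-only Graph sign-in (the same scope the Graph Explorer check in the answer needs).
$connectParams = @{ Scopes = 'User.Read.All'; NoWelcome = $true }
if ($TenantId) { $connectParams.TenantId = $TenantId }
Connect-MgGraph @connectParams

$props = 'id,userPrincipalName,onPremisesSamAccountName,onPremisesUserPrincipalName,onPremisesSyncEnabled'

# 3a. Try the on-prem UPN first: if this hits, UPN-based logins should resolve in the cloud.
$cloudUser = $null
try {
    $cloudUser = Get-MgUser -UserId $adUser.UserPrincipalName -Property $props -ErrorAction Stop
} catch { $cloudUser = $null }

# 3b. Fall back to the synced sAMAccountName (advanced query, so ConsistencyLevel/Count are required).
if (-not $cloudUser) {
    $cloudUser = Get-MgUser -Filter "onPremisesSamAccountName eq '$SamAccountName'" `
                            -Property $props -ConsistencyLevel eventual -CountVariable cnt |
                 Select-Object -First 1
}

# 4. Build the comparison the answers ask for.
$report = [pscustomobject]@{
    OnPremSamAccountName   = $adUser.SamAccountName
    OnPremUPN              = $adUser.UserPrincipalName
    OnPremMail             = $adUser.mail
    CloudObjectFound       = [bool]$cloudUser
    CloudUPN               = $cloudUser.UserPrincipalName
    CloudOnPremSamAccount  = $cloudUser.OnPremisesSamAccountName
    CloudOnPremUPN         = $cloudUser.OnPremisesUserPrincipalName
    CloudSyncEnabled       = $cloudUser.OnPremisesSyncEnabled
}
$report | Format-List

# 5. Diagnosis, in the order the answers suggest checking.
if (-not $cloudUser) {
    Write-Warning "No Entra ID object carries onPremisesSamAccountName '$SamAccountName' or UPN '$($adUser.UserPrincipalName)'. The user is not synced (or is synced from a different forest/attribute); the NPS extension cannot match them."
}
elseif ($cloudUser.UserPrincipalName -ne $adUser.UserPrincipalName) {
    if ($cloudUser.UserPrincipalName -eq $adUser.mail) {
        Write-Warning "Cloud UPN equals the on-prem mail attribute: email is being synced as the UPN. UPN logins via NPS will not match; configure Alternate Login ID for the NPS extension (the LDAP_ALTERNATE_LOGINID_ATTRIBUTE value under HKLM:\SOFTWARE\Microsoft\AzureMfa, per Microsoft's docs) so it looks the user up by the synced attribute."
    } else {
        Write-Warning "On-prem UPN '$($adUser.UserPrincipalName)' differs from cloud UPN '$($cloudUser.UserPrincipalName)'. Align the UPN suffix (verified domain) or configure Alternate Login ID."
    }
}
else {
    Write-Host "On-prem and cloud identities line up; look elsewhere (MFA registration, extension service-principal permissions, NPS request-policy order) for the discard." -ForegroundColor Green
}

Disconnect-MgGraph | Out-Null
```

Run it as `.\Check-NpsMfaIdentity.ps1 -SamAccountName <user>` (file name is mine). The point of checking the cloud object by the on-prem UPN first and by onPremisesSamAccountName second is that the two code paths mirror the two ways users reach the NPS server (UPN vs. domain\username); whichever lookup fails tells you which of the two mismatches the answers describe you are dealing with, without touching the NPS configuration.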