Adding context to Azure MFA NPS extension

2022-01-23T08:49:33.247+00:00

Hi,

I'd like to know if it's possible to add additional context to the authentication request when using the Azure MFA NPS extension.

We've been testing with additional context using the Authenticator app and noticed how basically all MFA notifications contain extra context, but not the ones generated by our RADIUS server using the NPS extension. We would like to see something like this, but with "App" returning something like "Contoso VPN":

location.png

We would like our users to be able to determine if this request is from our RADIUS server, so they can verify it's legitimacy. We mainly use it for VPN-access, but an automatic reconnect from the VPN-software could result in unexpected notifications. We don't want to educate our users by telling them to accepting unexptected requests because they have to assume it's the VPN-software.

Thanks,

Lars

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,742 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,898 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,681 Reputation points
    2022-02-15T18:09:54.717+00:00

    Hello @ LarsAldersAragornICTDienstverlenin-5144,

    Unfortunately, additional context to Azure MFA Network Policy Server (NPS) extension is not supported since its technically not possible to do so because the RADIUS server validates users' primary authentication using the legacy protocol and initiates secondary authentication through the NPS extension on the user's behalf, thus there is no user-rich context exchanged, such as location.

    Please refer to FAQ of additional context in multifactor authentication (MFA) notifications (Preview): https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-additional-context#known-issues

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.