Azure AD NPS Extension - License Confusion

Jake Bloomfield 31 Reputation points
2022-01-23T15:50:44.54+00:00

Hi,

I'm trying to implement the Azure MFA NPS extension to allow our on-prem VPN to use Azure AD MFA - using this guide: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

I am confused as to what license(s) I need for this to work. Our tenant currently uses Office 365 E3 subsciptions, and I can see in the Azure Portal that the license is "Azure AD Premium P1".

When going through the PowerShell portion of the setup, I was getting the following error: "New-MsolServicePrincipal -AppPrincipalId..."

Can I get some clarification?

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,442 questions
{count} vote

Accepted answer
  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2022-02-02T18:35:34.34+00:00

    @Jake Bloomfield , Apologies for the delay on this. I checked on this and found that this can occur if you do not have "Azure Multi-Factor Auth Client" application registered within your tenant . This is a first party application provided from Microsoft but sometime due to transient issues it may not be present in a tenant . In order to check the same , you can use the following powershell cmdlet .
    Connect-MsolService
    Get-MsolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720

    Or you can check the same from the portal as shown in the picture.

    170637-image.png

    Go to https://aad.portal.azure.com > "Enterprise Applications" > Search for "Azure Multi-Factor Auth Client" > Check properties for this app > Confirm if the service principal is enabled or disabled > Click on the application entry > Go to Properties of the app > If the option "Enabled for users to sign-in? is set to No in Properties of this app , please set it to Yes.

    170615-image.png

    If this app is not present , Please try to run the following cmdlet using a global admin credentials on the Azure AD powershell prompt .

    Connect-MsolService
    New-msolServicePrincipal -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -DisplayName "Azure Multi-Factor Auth Client"

    Now run \AzureMfaNpsExtnConfigSetup.ps1 .

    This should work.

    Regards,
    Shashi

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful