MFA Auth App not giving Approve / reject prompt for UPN Suffix

Amar Soni 1 Reputation point
2020-02-05T12:58:25.543+00:00

Hello Guys,

Having a weird issue. We've implemented Azure MFA via NPS Extension on an on premise NPS Server and have our AD synced up with Azure. We're using it for RD Gateway MFA security and testing it via multiple locations it's been working pretty good for some users.

We had our users verify MFA trigger via Microsoft Authenticator App.

We have one UPN suffix with our domain. Our domain is XYZ.com and UPN Suffix is XYZCompany.com

The problem we're having is with couple of users is having UPN suffix for email address requirement and whey they are trying to do login to RDGateway server it is not prompting for Approve or Reject on Authenticator application

This issue occurred only when we trying to access RDGateway so user with UPN like user@xyz .com (Domian Name) is getting prompt for approve / reject on RDGateway but user like user@XYZCompany.com is not getting prompt for approve / reject.

Other then that all users are having proper approve / reject prompt for all office 365 application and logins. We have issue only with RD Gateway.

Thank you,

ASoni

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,718 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 20,596 Reputation points Microsoft Employee
    2020-02-08T00:06:58.36+00:00

    This can happen if the account is not being recognized during the primary authentication. Can you please share the logs from the vent viewer on the server where you have the NPS role configured? These will give us a better idea of what might be causing the issue.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-errors

    If you prefer, you can send these to me at AzCommunity@microsoft.com.