MFA Auth App not giving Approve / reject prompt for UPN Suffix

Amar Soni 1 Reputation point
2020-02-05T12:58:25.543+00:00

Hello Guys,

Having a weird issue. We've implemented Azure MFA via NPS Extension on an on premise NPS Server and have our AD synced up with Azure. We're using it for RD Gateway MFA security and testing it via multiple locations it's been working pretty good for some users.

We had our users verify MFA trigger via Microsoft Authenticator App.

We have one UPN suffix with our domain. Our domain is XYZ.com and UPN Suffix is XYZCompany.com

The problem we're having is with couple of users is having UPN suffix for email address requirement and whey they are trying to do login to RDGateway server it is not prompting for Approve or Reject on Authenticator application

This issue occurred only when we trying to access RDGateway so user with UPN like user@xyz .com (Domian Name) is getting prompt for approve / reject on RDGateway but user like user@XYZCompany.com is not getting prompt for approve / reject.

Other then that all users are having proper approve / reject prompt for all office 365 application and logins. We have issue only with RD Gateway.

Thank you,

ASoni

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,662 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 34,066 Reputation points Microsoft Employee
    2020-02-08T00:06:58.36+00:00

    This can happen if the account is not being recognized during the primary authentication. Can you please share the logs from the vent viewer on the server where you have the NPS role configured? These will give us a better idea of what might be causing the issue.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-errors

    If you prefer, you can send these to me at AzCommunity@microsoft.com.