Good morning,
We are currently in the process of adding the Azure NPS MFA extension to our RADIUS servers and are running into an issue with receiving 2FA prompts on end user devices.
Capture shows the RADIUS server is sending the 2FA prompt "Enter your Microsoft Verification Code" to the RADIUS client (the MX) but we aren't seeing it.
Azure MFA is set to default push notifications for test users.
I feel like I'm missing something simple here. Any help would be greatly appreciated. Thanks.
Have you added Meraki AnyConnect to the Conditional Access Policy?
No Conditional Access policies are configured - tenant is using Security Defaults.
First tip - don't use NPS with the MFA extension. It tends to break regularly and is hard to debug. Second problem, it only supports push notifications for MFA. Very restrictive.
Instead, authenticate AnyConnect directly against Azure AD using SAML.
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication
This is the path we are taking. I've had a time with getting the NPS extension to halfway function. Thanks to everyone for the feedback!
P.S. You'll need to open a support case and ask support to turn on SAML for AnyConnect.