A quick update to.. We've developed a click-thru webapp that uses graph API to seamlessly login the user (SSO to O365), authorize to the meraki, and then redirect the user to their original page.     By setting the duration of the authorization in the Meraki dashboard you can have it re-authorize every 90 days for example or revoke the authorization manually.   If there is enough interest, we'll polish the solution up and provide it as either source code or a possible service if there is enough interest. Let me know. Thanks!   -Ingram ... View more

Does the license you buy from Meraki include the VM or is the VM an additional cost. From what I can tell the VM is about $85/month. Any clarification would be helpful. THanks! ... View more

This issue seemed to resolve. We tested about a week ago and it continues to connect successful today. ... View more

I agree if it prompted over and over wouldn't be useful, but When we use MFA/2FA with other applications like Outlook, Skype for Business, or other website resources they don't re-prompt for MFA until a policy timeout period (30 days, etc).       To me it seems the world is heading this direction, why not wireless authentication (or at least for a period of policy timeout).     Microsoft's RADIUS Network Policy server supports RADIUS with MFA, SourceURL:https://docs.microsoft.com/en-us/azure/multi-factor-authentication/nps-extension-vpn VPN integration with Azure MFA using NPS extension | Microsoft Docs The VPN server receives an authentication request from a VPN user that includes the username and password to connect to a resource, such as a Remote Desktop session. Acting as a RADIUS client, VPN server converts the request to a RADIUS Access-Request message and sends the message (password is encrypted) to the RADIUS (NPS) server where the NPS extension is installed. The username and password combination is verified in Active Directory. If the username / password is incorrect, the RADIUS Server sends an Access-Reject message. If all conditions as specified in the NPS Connection Request and Network Policies are met (for example, time of day or group membership restrictions), the NPS extension triggers a request for secondary authentication with Azure MFA. Azure MFA communicates with Azure Active Directory, retrieves the users's details, and performs the secondary authentication using the method configured by the user (text message, mobile app, and so on).  (I assume this secondary authentication could be configured, as to when and what rules it should ask) Upon success of the MFA challenge, Azure MFA communicates the result to the NPS extension. After the connection attempt is both authenticated and authorized, the NPS server where the extension is installed sends a RADIUS Access-Accept message to the VPN server (RADIUS client). The user is granted access to the virtual port on VPN server and establishes an encrypted VPN tunnel.   ... View more

Interesting information. I haven't made any process with Meraki support. The latest they want me to contact Apple.     Have you made any progress?      It seem as they need to re-issue the certificate for radius.meraki.com with SHA-256.   After reading you message, I found this article that I found helpful about SHA1 depreciation.  https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know       ... View more