Forum Discussion
Always On VPN Integration
Jason1330 If this accounting data is based on RFC 2866 (https://tools.ietf.org/html/rfc2866), as described here: Install Microsoft Defender for Identity VPN Integration | Microsoft Docs, it should technically work.
I tried a workaround by modifying the user-name attribute in NPS. It works for user accounts where the samAccountName matches the UPN prefix. But we have a few users where that does not match, usually due to very long names.
On the RRAS server, open Network Policy Server. Under Policies/Connection Request Policies, edit the policy that's used for your connections. On the Settings tab, under Attribute, set the attribute to User-Name and click Add. In the Find field, enter the UPN suffix domain name @domain.com. Leave the Replace field blank.
With this in place users are still able to authenticate, and accounting now sends the user name as just the prefix, basically the SamAccountName instead of UPN, and the sensor agent is able to properly report it.
I can't leave it like this for now. It would be better if the sensor agent could properly handle UPNs.
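As an added example that is not part of the original thread: the sketch below approximates the User-Name Find/Replace rule with Python's `re.sub` and lists the accounts for which the accounting record would still not carry the sAMAccountName. The account list, the function names and the escaped, anchored pattern are assumptions made for illustration; NPS evaluates the Find value as a regular expression, so `@domain.com` typed literally treats the dot as a wildcard.

```python
import re

# Constructed sample directory data (not from the original thread):
# (UPN sent by the VPN client, sAMAccountName stored in AD).
ACCOUNTS = [
    ("alice@domain.com", "alice"),
    ("bob.smith@domain.com", "bob.smith"),
    # Long name: sAMAccountName is capped at 20 characters, the UPN prefix is not.
    ("maximilian.vanderbiltsen@domain.com", "maximilian.vanderbil"),
    # Different UPN suffix: the rule does not match, so the UPN passes through.
    ("carol@corp.domain.com", "carol"),
]

# Escaped and anchored form of the "@domain.com" Find value (assumption:
# Python's regex semantics stand in for the NPS pattern matcher here).
FIND = r"@domain\.com$"


def rewrite_user_name(user_name, find, replace=""):
    """Approximate the NPS User-Name Find/Replace attribute rule."""
    return re.sub(find, replace, user_name)


def audit(accounts, find):
    """Return (upn, rewritten, sam) for accounts the rule does not map to sAMAccountName."""
    problems = []
    for upn, sam in accounts:
        sent = rewrite_user_name(upn, find)
        # AD account names compare case-insensitively.
        if sent.lower() != sam.lower():
            problems.append((upn, sent, sam))
    return problems


if __name__ == "__main__":
    for upn, sent, sam in audit(ACCOUNTS, FIND):
        print(f"{upn}: accounting would carry {sent!r}, AD has {sam!r}")
```

Feeding it an export of real UPN and sAMAccountName pairs shows in advance which VPN sessions would be reported under a name the directory does not hold.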