Forum Discussion
Mirza Dedic
Sep 22, 2021
Brass Contributor
VPN Integration with Network Policy Server (NPS) RADIUS Accounting?
Hello, Looking to integrate our 3rd party VPN solution with MSFT Defender for Identity. The solution is using Microsoft's Network Policy Server (NPS) for authentication, and there are options...
Mirza Dedic
Sep 22, 2021
Brass Contributor
It looks like the NPS server is not forwarding accounting messages to the DC, based on Wireshark data. We use the Azure MFA extensions, and I read somewhere that because of this it can't forward them.
Is there a way to feed this data into identity protection by other means? We have the NPS accounting logs on disk in DTS Compliant format.
In MCAS we can upload logs (https://docs.microsoft.com/en-us/cloud-app-security/discovery-docker), can we upload the NPS logs and have that tied to the "Accessed VPN Locations"?
EliOfek
Microsoft
Sep 23, 2021
Sadly no, RADIUS messages (properly formatted) are currently the only way.
- Mirza Dedic
  Sep 23, 2021
  Brass Contributor
  Thanks Eli,
  Is there a way to request feature enhancements for MDI? Would be very useful to train the system with our NPS VPN authentication logs to enhance Accessed VPN Locations reporting.
- EliOfek
  Sep 27, 2021
  Microsoft
  You can email MDI Feedback: AatpFeedback at microsoft com.
- Benjamin Berglund
  Sep 16, 2022
  Copper Contributor
  EliOfek Mirza Dedic hi, do you know if this feature has been added yet? I am also looking to configure VPN integration with Defender for Identity, Cisco ASA RADIUS client and RADIUS server is NPS with NPS extension.