cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exclude users Azure MFA NPS integration

PetterTech
Copper Contributor

‎Nov 06 2019 01:43 AM

‎Nov 06 2019 01:43 AM

Exclude users Azure MFA NPS integration

A client of ours have a RD environment configured with a RD Gateway that authenticates via a NPS server with the Azure MFA NPS extension configured. 

It all works perfectly for users with the authenticator app configured, but for various reasons they want the option to exclude users from having to use MFA when starting apps from RD. 

I have not found a way to achieve this, is it not possible?

Labels:
9,362 Views
0 Likes
6 Replies
Reply
6 Replies
Adam Weldon-Ming

‎Jan 26 2020 04:10 PM

‎Jan 26 2020 04:10 PM

Re: Exclude users Azure MFA NPS integration

@PetterTech 

 

Hey, did you ever get a solution to this?

0 Likes
Reply
PetterTech

‎Jan 26 2020 11:03 PM

‎Jan 26 2020 11:03 PM

Re: Exclude users Azure MFA NPS integration

@Adam Weldon-Ming 

I'm afraid not. Still an open question

0 Likes
Reply
Adam Weldon-Ming

‎Jan 27 2020 03:09 AM

‎Jan 27 2020 03:09 AM

Re: Exclude users Azure MFA NPS integration

@PetterTech 

I have it working if using the Azure MFA Portal. i.e. If a user is Disabled for MFA on the Azure MFA portal, then it does not ask them for MFA when connecting to the RDS to the Session or opening a remote app. 

 

However, on another client we've just got this setup in Conditional Access - and I cannot stop it from prompting the user (who doesn't require MFA) from getting MFA prompts. 

Will update if I make progress

0 Likes
Reply
HariharanMK

‎Feb 10 2020 07:12 AM

‎Feb 10 2020 07:12 AM

Re: Exclude users Azure MFA NPS integration

@Adam Weldon-Ming - when we disable the user in MFA, consider there are other application should enabled for MFA, I think we need to think about RDS/NPS perspective to exclude users. In my case i have to exclude MFA who ever using RDS. Is that can you help on this too..

0 Likes
Reply
Vitaliy_sp

‎Feb 11 2021 11:46 PM

‎Feb 11 2021 11:46 PM

Re: Exclude users Azure MFA NPS integration

@PetterTech 

Hi! I've found solution to exclude specific users, but not a group. On your rdgw, make CRP policy with username condition, which will authenticate request locally. Be sure to put this policy before forwarding one.

0 Likes
Reply
oxleypau

‎Jul 28 2021 08:20 AM

‎Jul 28 2021 08:20 AM

Re: Exclude users Azure MFA NPS integration

@Vitaliy_sp 

the way i used to exempt accounts from MFA was to sync the account to Azure and remove the MFA login methods; so when the user account was authenticated against the RDG MFA checked the login methods because they were absent it did not use them and authenticated with NPS radius only. The accounts were 3rd party accounts for supporting internal applications so MFA was difficult to implement with shared accounts 3rd party accounts but we still needed MFA for normal AD accounts

0 Likes
Reply