cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
SOLVED

Azure MFA using NPS without local domain?

JayBeeFinalBeta
Occasional Contributor

‎Apr 17 2020 12:12 PM

‎Apr 17 2020 12:12 PM

Azure MFA using NPS without local domain?

Hi, I have a site where I want to protect the VPN service using (RADIUS) and Azure MFA. 

The site currently doesn't have a local active directory domain controller. The users connecting to the VPN are Azure AD users (P1). 
I'm hoping not to need to set up a local domain controller, but just keep the NPS server in a workgroup. Is this possible? 

1,307 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by JayBeeFinalBeta (Occasional Contributor)
Moe_Kinani

‎Apr 17 2020 07:29 PM - edited ‎Apr 17 2020 07:31 PM

‎Apr 17 2020 07:29 PM - edited ‎Apr 17 2020 07:31 PM

Solution

Re: Azure MFA using NPS without local domain?

Hi Jay,

Not possible with NPS, I actually used the NPS extension for Azure P2S last year, you don’t need to have MFA server but you must have Local domain to do the authentication part.

You may have to look for different Radius setup like DUO for instance!

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension
0 Likes
Reply
Thijs Lecomte

‎Apr 18 2020 07:48 AM

‎Apr 18 2020 07:48 AM

Re: Azure MFA using NPS without local domain?

What kind of VPN provider are you using.

There are a lot of VPN providers that have native authentication to Azure AD.
Check out this Reddit article for some examples: https://www.reddit.com/r/sysadmin/comments/db05ih/vpn_with_azure_ad_authentication/
0 Likes
Reply
JayBeeFinalBeta

‎Apr 18 2020 12:52 PM

‎Apr 18 2020 12:52 PM

Re: Azure MFA using NPS without local domain?

@Thijs Lecomte That's a good suggestion. I did look at that, unfortunately, my hardware firewall doens't support it and I need to resort to RADIUS. 

0 Likes
Reply
JayBeeFinalBeta

‎Apr 18 2020 12:55 PM

‎Apr 18 2020 12:55 PM

Re: Azure MFA using NPS without local domain?

@Moe_Kinani Fair enough, I've just implemented an NPS server with the Extension (leaning on a local AD too). I like DUO very much, it can do things MS should have done out of the box a long time ago (like easy RDP MFA). But the idea is to have everything using the same authentication (and I'm now using SAML to AzureAD on all webservices)

1 Like
Reply