May 26 2021
I am starting to roll out the Windows VPN client using L2TP to our computers which are a mixture of Hybrid Joined and Azure AD joined.
All computers in the business have got Windows Hello for Business and this works well.
The issue I am having is with the Azure AD joined machines only, signing in with biometrics. They are unable to connect to the VPN successfully when they use the '-UseWinlogonCredential' switch.
This is not an issue with Hybrid Joined machines signing in with biometrics.
I am struggling to find a solution to this problem, so for the interim those machines are simply prompting the user for their username and password which gets accepted.
I suspect it's a certificate issue for Azure AD joined machines only but not too sure how to configure the NPS to allow these through.
Any advice is greatly appreciated!
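The rollout the post describes, as an added PowerShell example (not the original poster's script): it creates the L2TP/IPsec connection with the built-in VpnClient cmdlets, detects the device join state from `dsregcmd /status`, and applies the poster's interim workaround of not passing the Winlogon credential on Azure AD joined-only devices so the user is prompted instead. The connection name, server address and pre-shared key are placeholders (assumptions), and the script does not claim to fix the underlying Azure AD / NPS issue the post asks about.

```powershell
# Added example, not the poster's own script. Placeholders below are assumptions:
$VpnName   = 'Corp-L2TP'              # assumed connection name
$VpnServer = 'vpn.example.com'        # assumed VPN server FQDN
$Psk       = 'replace-with-real-psk'  # assumed; deliver via Intune/GPO in practice, not a plain script

# Classify the device from dsregcmd /status (built into Windows 10/11).
# Hybrid joined devices report both AzureAdJoined and DomainJoined as YES;
# Azure AD joined-only devices report AzureAdJoined YES and DomainJoined NO.
function Get-DeviceJoinState {
    $status  = & dsregcmd.exe /status
    $azureAd = [bool]($status | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet)
    $domain  = [bool]($status | Select-String -Pattern '^\s*DomainJoined\s*:\s*YES'  -Quiet)
    if ($azureAd -and $domain) { return 'HybridJoined' }
    if ($azureAd)              { return 'AzureAdJoined' }
    if ($domain)               { return 'DomainJoined' }
    return 'Workgroup'
}

$joinState = Get-DeviceJoinState

# Make the rollout idempotent: drop an existing connection of the same name first.
if (Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $VpnName -AllUserConnection -Force
}

# Settings shared by both variants of the connection.
$common = @{
    Name                 = $VpnName
    ServerAddress        = $VpnServer
    TunnelType           = 'L2tp'
    L2tpPsk              = $Psk
    AuthenticationMethod = 'MSChapv2'
    EncryptionLevel      = 'Required'
    AllUserConnection    = $true
    Force                = $true
}

switch ($joinState) {
    'HybridJoined' {
        # Hybrid joined: the post reports that -UseWinlogonCredential works here,
        # so the user's Windows logon credential is passed through to the VPN.
        Add-VpnConnection @common -UseWinlogonCredential
    }
    'AzureAdJoined' {
        # Azure AD joined only: the post reports that -UseWinlogonCredential fails
        # after a biometric sign-in, so omit it and let the user be prompted for
        # username and password (the poster's interim workaround).
        Add-VpnConnection @common
    }
    default {
        # Domain-only or workgroup devices are outside the post's scope; prompt for credentials.
        Add-VpnConnection @common
    }
}

# Show what was provisioned, including whether Winlogon credential pass-through is set.
Get-VpnConnection -Name $VpnName -AllUserConnection |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, UseWinlogonCredential
```

Run it from an elevated PowerShell session, since `-AllUserConnection` writes the machine-wide phonebook. The `UseWinlogonCredential` column in the final output is the quickest way to confirm which variant a given device received when comparing a hybrid joined machine with an Azure AD joined one.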