Azure AD Joined Hello for Business and NPS Radius Authentication


Hi guys,

I am starting to roll out the Windows VPN client using L2TP to our computers, which are a mixture of Hybrid Joined and Azure AD joined.

All computers in the business have got Windows Hello for Business and this works well.

The issue I am having is for the Azure AD joined machines only, signing in with biometrics. They are unable to connect to the VPN successfully when they use the '-UseWinlogonCredential' switch.

This is not an issue with Hybrid Joined machines signing in with biometrics.

I am struggling to find a solution to this problem, so for the interim those machines are simply prompting the user for their username and password, which gets accepted.

I suspect it's a certificate issue for Azure AD joined machines only, but I'm not too sure how to configure the NPS to allow these through.

Any advice is greatly appreciated!
