Azure AD Joined Hello for Business and NPS Radius Authentication

Copper Contributor

Hi guys,


I am starting to roll out the Windows VPN client using L2TP to our computers which are a mixture of Hybrid Joined and Azure AD joined.


All computers in the business have got Windows Hello for Business and this works well. 


The issue I am having is for the Azure AD joined machines only signing in with biometrics. They are unable to connect to the VPN with successfully when they use the '-UseWinlogonCredential' switch.


This is not an issue with Hybrid Joined machines signing in with biometrics. 

I am struggling to find a solution to this problem, so for the interim those machines are simply prompting the user for their username and password which gets accepted.


I suspect it's a certificate issue for Azure AD joined machines only but not too sure how to configure the NPS to allow these through. 


Any advice is greatly appreciated!

3 Replies

@JR900 Did you ever figure something out here? I'm struggling with a similar problem and I'm not having much luck in my search for answers so far.

@martinrh Unfortunately not.


I decided to go down a different route to semi-get around this issue. It would have been nice to have it fully implemented, but without much resource out there and limited time, I wasn't able to implement it.

I also am having this issue - been digging through documentation and still can't find a solution. Anyone find any hits or anyone from @Pernille-Eskebo have a solution?