Running one NPS server for both wireless clients and VPN with MFA

New Contributor

Hi Team

 

I have an NPS server with existing RADIUS clients (APs) . I need to use the same server to be used as a RADIUS server for authenticating VPN clients . RADIUS client is a Palo Alto VPN firewall.

 

The question I have is whether I can  install "NPS Extension for Azure MFA" on the same server and authenticate only the VPN users without causing any issues to wireless access clients. Wireless users do not need the MFA. It is only the VPN users that need secondary authentication (MFA).

2 Replies
You have to install a seperate NPS server for Azure MFA requests, you can't use it for anything else. There are articles about bypassing the MFA requests (whitelisting of certain Radius clients) but is considered as a kind of 'hack' and doesn't seem supported https://github.com/MicrosoftDocs/azure-docs/issues/15176
Thank you very much for clarifying this.