Jul 01 2021
02:24 AM
- last edited on
Jan 14 2022
03:26 PM
by
TechCommunityAP
Jul 01 2021
02:24 AM
- last edited on
Jan 14 2022
03:26 PM
by
TechCommunityAP
i'm trying to setup azure AD MFA for an onpremise SSTP VPN setup. But I't doesn't work.. User gets a timeout when I switch authentication from windows authentication to radius server (a seperate server with NPS that has the Azure NPS addon installed).
When checking with a powershell script, I keep getting a message that the license is not appropriate. However the users has both a Microsoft 365 Business Standard as well as a Azure AD Premium P1 assigned.
--
User anakin@somedomain.com has not a valid license for MFA, it's a warning message to be legal from licensing side... Test FAILED
Test will continue to detect additional issue(s), Please make sure to assign a valid MFA License for the user (AD Premium, EMS or MFA standalone license
--
What am I missing here... Health check transscript below...
start Running the tests...
Checking if anakin@somedomain.com is EXIST in Azure AD ...
User anakin@somedomain.com is EXIST in Azure AD... TEST PASSED
Checking if anakin@somedomain.com is SYNED to Azure AD from On-premises AD ...
User anakin@somedomain.com is SYNCED to Azure AD ... Test PASSED
Checking if anakin@somedomain.com is BLOCKED to sign in to Azure AD or Not ...
User anakin@somedomain.com is NOT BLOCKED to sign in to Azure AD ... Test PASSED
Checking if anakin@somedomain.com is HEALTHY in Azure AD or Not ...
User anakin@somedomain.com status is HEALTHY in Azure AD ... Test PASSED
Checking if anakin@somedomain.com already completed MFA Proofup in Azure AD or Not ...
User anakin@somedomain.com Completed MFA Proofup in Azure AD with PhoneAppNotification as a Default MFA Method ... Test PASSED
Checking if anakin@somedomain.com has a valid license for MFA ...
User anakin@somedomain.com has not a valid license for MFA, it's a warning message to be legal from licensing side... Test FAILED
Test will continue to detect additional issue(s), Please make sure to assign a valid MFA License for the user (AD Premium, EMS or MFA standalone license
Checking the Dial-In status for anakin@somedomain.com in local AD
User anakin@somedomain.com Allowed for Network Access Permission in local AD ... Test PASSED
Refer to https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-access for more infor about this option
Check Completed, please fix any issue run the test again, if no issues found please contact MS support
PS C:\beheer\Azure_MFA_NPS_extension_health_check_script>
Jul 03 2021 12:42 AM