Please find a workaround with the NPS Extension developers for hybrid use #63367
Comments
|
@Moodjbow Thank you for your feedback . We will have this discussed internally and update this thread. |
|
@Moodjbow Thanks for the feedback, I am reaching out to PG internally to seek their comment. Will keep you posted. |
|
@Moodjbow This is what I got from PG : "At this time, we do not have any regkey with this functionality. We do have a regkey where if the user isn't proofed up for Azure MFA, it will bypass MFA and allow the user to login, but if the user is registered for MFA, it will call them. If they have an application they don't want to have MFA on it, or it's not supported, they'll need to point traffic to an NPS Server that doesn't have the Extension. NPS Extension is basically an on & off switched when installed. That regkey for users not registered for MFA, will bypass is call "Require User Match" Let us know if you have any follow up questions. |
|
@Moodjbow We will be closing this now, please feel free to tag me in your reply if you have any questions. |
Dear Microsoft colleagues,
your proposal under "Control RADIUS clients that require MFA" to spin up a second NPS does not scale up. Imagine big companies with multiple sites and VPN gateways (as ours).
I have worked with SMSPasscode in the past and know that it is also developed as an NPS extension but is capable of excluding NPS policies from its scope.
Please consult the developers of your extension. I'm sure that they have an undocumented registry key for that.
Thank you in advance!
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: