
Settings, also the MFA-Settings of the user.
After this, the user can login, but has to provide the In the new popup, select "Require selected users User and click "Manage user settings" on the link on the right Lastly, if you have users with MFA disabled but they receive the authentication request anyway, go to the "Multi-Factor
Authentication"-Page (. The registry values for the extension DLLs and restart the NPS service Primary authentication for VPN is successful. Network Policy Service (IAS) service for the changes to take effect Registry values for “AuthorizationDLLs” and “ExtensionDLLs”, not the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters

I haven't tried it, but in case you need to disable the NPS extension: (I had reverted my NPS server to a previous snapshot before I found this) My firewall VPN uses the same Radius server and MFA works for it also. This PowerShell command enabled the RemoteDesktopGatewayManager on the RDG server (2016 Standard with Essentials installed): dism /online /Enable-Feature:Gateway-UI
As a bonus, the NPS extension also works with other Radius connections.

Key to bypass MFA for users not enabled yet: Step By Step Protecting RD Gateway With Azure MFA And NPS Extension - 3tallah's Blog
Integrate RDG with Azure AD MFA NPS extension - Azure Active Directory | Microsoft Docs
Few extra steps for From and To policies that allowed the connection to work: (if the above works you can skip this one) This is the Microsoft article that got me mostly there: Thanks to everyone for helping to make this happen. Good News! MFA is working for RDG! And the Registry key works for allowing non-MFA user accounts to bypass MFA.
