NPS extension for Azure MFA - Allow the use of realm manipulation in Connection Request Policies
The NPS server cannot perform realm manipulation to change the domain name from the user UPN before the AD authentication happens, even if the Connection Request Policies contain the appropriate rule. This is a limitation for us when consolidating companies through AD on premises and Azure AD, including Azure AD MFA. Actually, UPNs are different until the AD migration is complete, and having a chance to manipulate the realm might help us to accelerate the integration.
Having said that, it would be a nice feature to have the NPS server NOT ignore the realm manipulation when the rule is active in the Connection Request Policy.
As a consequence of this, when using the value of the AD attribute "LDAP_ALTERNATE_LOGINID_ATTRIBUTE", the NPS extension should consider the manipulated realm.
Thank you very much for your attention.