How can we improve Azure Active Directory?

← Azure Active Directory

MFA NPS ext - Support for Network policies via RADIUS-Challange msg via SMS & OTP

When you have NPS extension, The problem is that when a user is using SMS or OTP, the user is not granted access based on the network policies that are defined in RADIUS server.

This is known limitation (MS says) with NPS where the network policies are not applied for SMS or OTP Flows.

If you use a challenge method it does not support the NAP policies. These are only evaluated during primary authentication.

When using Radius Challenge(for SMS or OTP), the Challenge response skips primary auth and so these policies are not evaluated.

But when the users have chosen MFA method PhoneAppnotification or VoiceCall, the user is granted acces bases on the right network policy.

18 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

MickiW shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Matthijs Vader commented  ·   ·  Flag as inappropriate

    After having ran into this ourselves, I'd think this is super urgent. SMS and OTP are the simplest to use in countries where its difficult to obtain internet access (think being in an hotel in West Africa, Cameroun for example).

    And the other bad thing about this is that its totally opposite of what you expect; so a security flaw / issue.

Azure Active Directory: Multi-factor Authentication

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice