Thanks for the feedback. We’ll add this to the backlog and watch for more votes to help prioritize.
CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios).
Senior Program Manager
IAM Core | Domain Services
Using the Azure MFA Server is also not possible because NPS requires "Enterprise Admin" rights.
The following article describes how to configure NPS/RADIUS. However, due to limitations with AAD:DS we are unable to complete the setup successfully.
I posed an issue to the document for assistance configuring the NPS Extension after the ICM request to assist with the necessary change was rejected.
The lack of NPS/RADIUS support is a major challenge in pitching the solution to upper management.
This is currently in planning for enabling it for Azure AD joined devices, NOT for AAD DS.
Thanks for the feedback. This is currently not possible, and not in our roadmap. We will review the ask and post updates if the status changes.
30 votes · 5 comments · Azure Active Directory » Self-Service Password Reset
Hi folks! I apologize for the delay in response here. This work is still planned and will start soon. I will update this request as soon as work has started. Thank you for your patience!
We currently use IaaS Azure Backup of VMs, which is limited to backing up to the local datacenter. We looked at using the Azure Backup Agent as a means to back up VMs to an alternate datacenter after the recent issue with the storage layer in our current Azure region.
This is being worked on currently.
4 votes · started · 1 comment · Azure Active Directory » Azure AD Connect