I would like to post again the solution I'm currently using.
Check the link below, which refers to a previous post in this thread:
Create a new resource and search for "RADIUS 2016 Server - Wireless Authentication NPS"
Cloud Infrastructure Services company launched a VM with the role already up and released a tutorial on their site, following the principles I've posted before.
Hope it helps
@David Harris, I'm with you David.
Anonymous, AzureAD updates passwords and their hashes on AADDS. I have that running.
I agree with you about not receiving early password expiration notifications.
Still working today and other fellow colleagues that read this thread are also using this workaround.
So few needed to have this working MS.
CONFIRMED that NPS and Azure AD Domain Service can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) Skip registering the NPS server and 2) ensure your network policy has “Ignore user account dial-in properties” selected.
Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.x scenarios).
Senior Program Manager
IAM Core | Domain Services
Please check this.
Follow the instructions provided for a temporary workaround.