243 votesunder review · 38 comments · Azure Active Directory » Domain Services · Flag idea as inappropriate… · Admin →Robert Russell commented
This is possible if you're using AADDS in Azure. Make an NPS server, join it to AADDS, send your RADIUS requests to it and set the network policy to allow Domain Users from your domain. It will work. You do not need to register the server.
For anyone else out there who's doing this - I achieved an "SSO" VPN with MFA using these pieces:
Azure Active Directory Domain Services domain
NPS Server, Windows 2016
Meraki Security Appliance (which forwards requests to a RADIUS server)
Intune (Pushes the VPN profile)
MFA Extension for NPS servers (You must use push notification or phone call for MFA if you do this)
If you want to load balance this as well, I was able to, but you need to put both an external and an internal load balancer between the two NPS servers. This allows the MFA extension to make outbound connections to the web. You only allow RADIUS requests on the internal.
I'm going to be testing to see if this works with our Wi-Fi APs but I honestly don't see why it wouldn't.
Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.
We are currently investigating this feature request.
To clarify this ask, are you wanting a way to unlock a user’s account from the AAD admin portal?
Sadie Henry (sahenry)
676 votesRobert Russell commented
Would really like this to work so we can start using 2FA for VPN.
We understand the gap, and are actively reviewing the scenario around password expiry notifications
163 votes31 comments · Azure Active Directory » Groups/Dynamic groups · Flag idea as inappropriate… · Admin →
Our feature team is looking into options for addressing this scenario, but we do not yet have any timelines to share. For now as a workaround, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end. We’ve also added the ability to check the membership processing status, to keep track of the status and know if processing is complete.
Sorry for the previous confusing status. We are not planning to allow Azure AD B2C users to have access to powerBI. We are however starting work to enable audit data from Azure AD B2C to be surfaced through PowerBI.