Robert Russell

My feedback

  1. 243 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  38 comments  ·  Azure Active Directory » Domain Services  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell commented  · 

    This is possible if you're using AADDS in Azure. Make an NPS server, join it to AADDS, send your RADIUS requests to it and set the network policy to allow Domain Users from your domain. It will work. You do not need to register the server.

    For anyone else out there who's doing this - I achieved an "SSO" VPN with MFA using these pieces:

    Azure Active Directory Domain Services domain
    NPS Server, Windows 2016
    Meraki Security Appliance (which forwards requests to a RADIUS server)
    Intune (Pushes the VPN profile)
    MFA Extension for NPS servers (You must use push notification or phone call for MFA if you do this)

    If you want to load balance this as well, I was able to, but you need to put both an external and an internal load balancer between the two NPS servers. This allows the MFA extension to make outbound connections to the web. You only allow RADIUS requests on the internal.

    I'm going to be testing to see if this works with our Wi-Fi APs but I honestly don't see why it wouldn't.

    Robert Russell supported this idea  · 
  2. 15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Active Directory » Licensing  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  3. 100 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Storage » Files  ·  Flag idea as inappropriate…  ·  Admin →
  4. 139 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    23 comments  ·  Azure Active Directory » Other  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  5. 74 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Active Directory » Azure AD Connect  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  6. 46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Azure Active Directory » End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  7. 8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Active Directory » Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  8. 676 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    68 comments  ·  Azure Active Directory » Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell commented  · 

    Would really like this to work so we can start using 2FA for VPN.

    Robert Russell supported this idea  · 
  9. 33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure Active Directory » Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  10. 34 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 
  11. 163 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Our feature team is looking into options for addressing this scenario, but we do not yet have any timelines to share. For now as a workaround, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end. We’ve also added the ability to check the membership processing status, to keep track of the status and know if processing is complete.

    Robert Russell supported this idea  · 
  12. 61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  5 comments  ·  Networking » VPN Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  13. 29 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Azure Active Directory » B2C  ·  Flag idea as inappropriate…  ·  Admin →
    Robert Russell supported this idea  · 

Feedback and Knowledge Base