14 votes · under review · 3 comments · Azure Active Directory » Domain Services
Thanks for the feedback here. It was originally for the following use case(s):
- For troubleshooting and being able to see exactly when attributes have been synced between the 2 directories. I know internally MS have a report on this.
- The second one was around a ticket I raised (119052025000811) as per the attached file.
Gerry shared this idea
Multiple scenarios are still being investigated.
CONFIRMED that NPS and Azure AD Domain Services can work with the Azure MFA NPS extension to enable MFA for RDP to virtual machines. That said, Azure Bastion Host (https://docs.microsoft.com/en-us/azure/bastion/bastion-overview) provides the same value without the additional infrastructure of NPS. We have a doc bug created to add the nuance to our documentation, which is to 1) skip registering the NPS server and 2) ensure your network policy has "Ignore user account dial-in properties" selected.
Leaving the topic open as we continue to investigate/validate other NPS use cases (e.g. VPN and 802.1X scenarios).
Senior Program Manager
IAM Core | Domain Services
@Mike Stephens. First off, it's great that you are actively commenting on and reviewing the UserVoice forums.
The setup you have confirmed below we have had working for about 18 months. The main issue we have with this configuration relates to password changes.
i.e. a user changes their password in Azure AD. There is then a period where the synchronisation process runs to update the password in AADDS. Due to this 'sync lag', which seems to vary in time and which we have very little visibility of (as per the UserVoice I raised below), users cannot use WiFi through the NPS\AADDS solution until this process completes (it's particularly bad with new users).
If RADIUS authentication could be done directly against Azure AD it would remove these challenges.
58 votes · 8 comments · Azure Active Directory » Self-Service Password Reset
Would really like to see this feature. It's causing us issues with Azure-only users that have no O365 license.