AzuMFA Extension for NPS – Stopped working

So, Azure MFA Extension for NPS was setup RDS and it was working till last week.


Allow of sudden the MFA notification stopped.  User no longer get notification on their mobile, text or a call when they try to sign into any server through RDS (Outside the network)

Diagnosis :

  • When we tried the office 365 portal, it worked just fine.  Users got their notification on to their device and allowed to access the portal.
  • In the logs, we see lot of
    • Source:        Microsoft-AzureMfa-AuthZ
    • Event ID:      4
    • Description:
    • NPS Extension for Azure MFA: Radius request is missing NAS Identifier and Nas IpAddress attribute.Populating atleast one of these fields is recommended
  • Authentication with Azure MFA
    • Source:        Microsoft-AzureMfa-AuthZ
    • Event ID:      2
    • Computer:
    • Description:
    • NPS Extension for Azure MFA: Unknown exception

So, at this point I don’t know what was wrong, as it was working without any issues.  No changes made recently

After having to go through the following article

The line which struck me is the following.

The NPS Extension for Azure MFA is available to customers with licenses for Azure Multi-Factor Authentication (included with Azure AD Premium, EMS, or an MFA stand-alone license). Consumption-based licenses for Azure MFA such as per user or per authentication licenses are not compatible with the NPS extension.

For testing, i assigned a MFA Standalone license for a user – It worked.

But still i was confused why it was working all this while? After speaking to MS, the preview version was active and MS their functionality for 30 more days so the client can choose a plan. (Client claimed that they never received any communication)

Hope this helps.



One thought on “AzuMFA Extension for NPS – Stopped working

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.