none
Is it possible to temporarily disable the NPS Azure MFA Extension ? RRS feed

  • Question

  • I am looking at using the Azure MFA Extension for NPS. However, if the NPS server is not able to send requests to Azure, users will not be able to log in at all. Is there some sort of emergency kill switch (Short of uninstalling the extension on NPS) to temporarily disable the extension until access to Azure MFA services is restored?
    Wednesday, October 18, 2017 12:41 AM

All replies

  • Hi,

    Since the issue is more related with Azure, please have this asked in Azure Forum for better answers.

    https://social.msdn.microsoft.com/forums/en-US/home?category=windowsazureplatform,azuremarketplace,windowsazureplatformctp

    Prepare for users that aren't enrolled for MFA

    If you have users that aren't enrolled for MFA, you can determine what happens when they try to authenticate. Use the registry setting REQUIRE_USER_MATCH in the registry path HKLM\Software\Microsoft\AzureMFA to control the feature behavior. This setting has a single configuration option:

    The purpose of this setting is to determine what to do when a user is not enrolled for MFA. When the key does not exist, is not set, or is set to TRUE, and the user is not enrolled, then the extension fails the MFA challenge. When the key is set to FALSE and the user is not enrolled, authentication proceeds without performing MFA.

    You can choose to create this key and set it to FALSE while your users are onboarding, and may not all be enrolled for Azure MFA yet. However, since setting the key permits users that aren't enrolled for MFA to sign in, you should remove this key before going to production.

    Hope this helps.

    More information about MFA ,  please refer to the following article:

    https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-nps-extension

    Best Regards,
    Frank



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.





    Wednesday, October 18, 2017 3:16 AM
  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 19, 2017 9:17 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,
    Frank

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 24, 2017 3:59 PM