| by TheIneptOne | No comments

Using Azure MFA with RADIUS for VPN Access

We need to have staff use MFA when connecting to our VPN connection. Luckily Microsoft Azure has an MFA extension that you can install on your NPS RADIUS server!

I recommend spinning up a new NPS server if you have only one that handles both VPN and Wifi connections. Installing the Azure MFA NPS Extension will require MFA for all connections on that server.


Downlead the NPS Extension from Microsoft to your NPS server and run the installer. BY default, the NPS Extension will install to C:\Program Files\Mircosoft\AzureMfa.

Once installed, open PowerShell as Administrator and change directories

cd "C:\Program Files\Microsoft\AzureMfa\Config"

Then run the setup script. The script will ask to download and install NuGet, which will install and setup various settings.


When the script finally runs, you’ll be asked to sign in to your Azure instance. You’re account will require Global Admin Access for this step.

Next, you’ll be asked to enter your Tenant ID. This can be found by doing the following:

  • Sign into the Azure Portal
  • Select Azure Active Directory > Properties
  • Copy the Directory ID


Paste the Tenant ID into PowerShell and hit Enter. The Script will finish the setup and restart the NPS service. Once completed, please Enter to continue.

That’s it. You should be good to go and test the deployment. If all goes well, when you attempt to connect to your VPN, you’ll be prompted to approve the connection in the Microsoft Authenticator app.

More information from Microsoft can be found here:


Leave a Reply