locked
MFA Auth App not giving Approve / reject prompt for UPN Suffix RRS feed

  • Question

  • Hello Guys,

    Having a weird issue. We've implemented Azure MFA via NPS Extension on an on premise NPS Server and have our AD synced up with Azure. We're using it for RD Gateway MFA security and testing it via multiple locations it's been working pretty good for some users.

    We had our users verify MFA trigger via Microsoft Authenticator App.

    We have one UPN suffix with our domain. Our domain is XYZ.com and UPN Suffix is XYZCompany.com  

    The problem we're having is with couple of users is having UPN suffix for email address requirement and whey they are trying to do login to RDGateway server it is not prompting for Approve or Reject on Authenticator application

    This issue occurred only when we trying to access RDGateway so user  with UPN like user@XYZ.com (Domian Name) is getting prompt for approve / reject on RDGateway but user like user@XYZCompany.com is not getting prompt for approve / reject.

    Other then that all users are having proper approve / reject prompt for all office 365 application and logins. We have issue only with RD Gateway.

    Thank you, 

    ASoni 

    Thursday, December 19, 2019 1:29 PM

Answers

  • Hi Amar, 

    This could happen if the account is not being recognized during the primary auth. Have you looked at the logs in the event viewer on the server where you have the NPS role configured? Ideally, the error in the logs will help us isolate the issue further.

    we're migrating from MSDN to Microsoft Q&A as our new forums and Azure AD has already been moved to Microsoft Q&A. I would recommend reposting your question here along with the error to help you further.


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Friday, December 27, 2019 6:44 AM