The NPS server is able to communicate to the URLs listed here via 80/443.On-premise AD that is syncing to Azure AD via Azure AD Connect.Windows Server 2012 or newer with the NPS role installed.Users are registered to use either the Authenticator app notifications or phone call MFA methods. This is necessary because the SonicWall VPN clients do not allow you to enter an MFA code, whether generated via TOTP or SMS.Azure MFA deployed to users and licensed for its use (Azure AD Premium P1/P2 or EMS).While I will not be walking through how to configure any of these prerequisites, as there is plenty of information available on these topics, you should review them and confirm they are in place so you don’t run into issues following the rest of this guide. While both of the vendor documents I’ve linked contain information on how to configure each piece of this solution separately, I am going to walk through the exact steps you need to take to implement the solutions so they fully work together. By configuring that solution and then configuring your SonicWall firewall to use RADIUS authentication for VPN clients via the same server running NPS, you are able to enforce MFA on new VPN connections. Microsoft’s Network Policy Server (NPS) extension allows you to add your existing Azure AD MFA to your infrastructure by pairing it with a server that has the NPS role installed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |