Azure AD MFA replaced Approve/Deny push notifications with Number matching, except for specific scenarios - such as the NPS Extension - which don't support it.
Hence, the designation "push notifications" without any further context can leave ambiguity on whether the reference is for Number matching push notifications (default notification currently in place) or for the old/legacy Approve/Deny push notifications.
It is even more important to remove this ambiguity in this specific documentation, since RDG doesn't support Number matching push notifications (since, as mentioned in the doc itself, "The sign-in behavior for Remote Desktop Gateway doesn't provide the option to enter a verification code with Azure AD Multi-Factor Authentication"), only supporting the old/legacy Approve/Deny push notifications.
For context: https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match
articles/active-directory/authentication/howto-mfa-nps-extension-rdg.md
Lines changed: 4 additions & 4 deletions
@@ -34,7 +34,7 @@ The Network Policy and Access Services (NPS) gives organizations the ability to
34
34
35
35
Typically, organizations use NPS (RADIUS) to simplify and centralize the management of VPN policies. However, many organizations also use NPS to simplify and centralize the management of RD Desktop Connection Authorization Policies (RD CAPs).
36
36
37
-
Organizations can also integrate NPS with Azure AD MFA to enhance security and provide a high level of compliance. This helps ensure that users establish two-step verification to sign in to the Remote Desktop Gateway. For users to be granted access, they must provide their username/password combination along with information that the user has in their control. This information must be trusted and not easily duplicated, such as a cell phone number, landline number, application on a mobile device, and so on. RDG currently supports phone call and push notifications from Microsoft authenticator app methods for 2FA. For more information about supported authentication methods see the section [Determine which authentication methods your users can use](howto-mfa-nps-extension.md#determine-which-authentication-methods-your-users-can-use).
37
+
Organizations can also integrate NPS with Azure AD MFA to enhance security and provide a high level of compliance. This helps ensure that users establish two-step verification to sign in to the Remote Desktop Gateway. For users to be granted access, they must provide their username/password combination along with information that the user has in their control. This information must be trusted and not easily duplicated, such as a cell phone number, landline number, application on a mobile device, and so on. RDG currently supports phone call and **Approve**/**Deny**push notifications from Microsoft authenticator app methods for 2FA. For more information about supported authentication methods see the section [Determine which authentication methods your users can use](howto-mfa-nps-extension.md#determine-which-authentication-methods-your-users-can-use).
38
38
39
39
Prior to the availability of the NPS extension for Azure, customers who wished to implement two-step verification for integrated NPS and Azure AD MFA environments had to configure and maintain a separate MFA Server in the on-premises environment as documented in [Remote Desktop Gateway and Azure Multi-Factor Authentication Server using RADIUS](howto-mfaserver-nps-rdg.md).
40
40
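Review bot: In the added sentence at line 37, `**Approve**/**Deny**push notifications` has no space between the closing bold marker and "push", so the bold word runs straight into the next one; it should read `**Approve**/**Deny** push notifications`. The same sentence still writes "Microsoft authenticator app" while the IMPORTANT note later in the file uses "Microsoft Authenticator App"; since the line is being touched anyway, align the capitalization.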
@@ -109,9 +109,9 @@ Once an account has been enabled for MFA, you cannot sign in to resources govern
109
109
Follow the steps in [What does Azure AD Multi-Factor Authentication mean for me?](https://support.microsoft.com/account-billing/how-to-use-the-microsoft-authenticator-app-9783c865-0308-42fb-a519-8cf666fe0acc) to understand and properly configure your devices for MFA with your user account.
110
110
111
111
> [!IMPORTANT]
112
-
> The sign-in behavior for Remote Desktop Gateway doesn't provide the option to enter a verification code with Azure AD Multi-Factor Authentication. A user account must be configured for phone verification or the Microsoft Authenticator App with push notifications.
112
+
> The sign-in behavior for Remote Desktop Gateway doesn't provide the option to enter a verification code with Azure AD Multi-Factor Authentication. A user account must be configured for phone verification or the Microsoft Authenticator App with **Approve**/**Deny**push notifications.
113
113
>
114
-
> If neither phone verification or the Microsoft Authenticator App with push notifications is configured for a user, the user won't be able to complete the Azure AD Multi-Factor Authentication challenge and sign in to Remote Desktop Gateway.
114
+
> If neither phone verification or the Microsoft Authenticator App with **Approve**/**Deny**push notifications is configured for a user, the user won't be able to complete the Azure AD Multi-Factor Authentication challenge and sign in to Remote Desktop Gateway.
115
115
>
116
116
> The SMS text method doesn't work with Remote Desktop Gateway because it doesn't provide the option to enter a verification code.
117
117
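Review bot: The two changed lines in the IMPORTANT note (112 and 114) now name Approve/Deny but never say that number matching push notifications are not available for RDG, which is the distinction the commit message gives as the reason for the change. A reader who only sees the doc still has to infer it from "doesn't provide the option to enter a verification code". Consider adding one sentence to the note that states this and links to the number matching article cited in the commit message. Both added lines also repeat the `**Deny**push` spacing slip, and line 114 keeps "neither ... or", which should be "neither ... nor".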
@@ -395,4 +395,4 @@ The image below from Microsoft Message Analyzer shows network traffic filtered o
395
395
396
396
[Remote Desktop Gateway and Azure Multi-Factor Authentication Server using RADIUS](howto-mfaserver-nps-rdg.md)
397
397
398
-
[Integrate your on-premises directories with Azure Active Directory](../hybrid/whatis-hybrid-identity.md)
398
+
[Integrate your on-premises directories with Azure Active Directory](../hybrid/whatis-hybrid-identity.md)
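Review bot: The removed and added versions of line 398 show the same text (the "Integrate your on-premises directories with Azure Active Directory" link), so this looks like a whitespace or end-of-file newline change that is unrelated to the Approve/Deny wording. Confirm it is intended, or drop it so the commit carries only the wording change described in the message.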