Hi,
I am in the middle of setting up Always On VPN for our new Windows 10 estate as part of the new Office 365 rollout. I have created the following servers so far:
two RRAS Windows 2012 R2
two NPS Windows 2012 R2
I have discovered that we are also entitled to an on-premises MFA server, which I want to implement. We also have an internal CA, which I am planning on using for user certificate authentication with the RADIUS server.
1. My question is: do I still need to keep the NPS servers, or do the MFA servers replace the need for the NPS?
2. If I need the NPS servers, do I need to point the VPN servers at the MFA servers first, which then proxy to the NPS for the user cert authentication?
Sorry if this does not make sense, but I am struggling to find anything online about certificate auth and using MFA and the Microsoft Authenticator app or the OTP with PhoneFactor.
Thanks in advance.