Azure MFA NPS Extension: brute forces via non-allowed accounts
Dear,
We've set up NPS with the Azure MFA 3rd-party extension for our SSLVPN. Via the network policy in NPS we've limited VPN access to a specific security group.
However, we now see that our on-premises Administrator account locks out frequently. Further research leads us to the source: brute forces via SSLVPN on the administrator account.
The strange thing is that our administrator account is not in the specific VPN security group we've defined in the connection request policy.
In the Event Viewer we see this as an error on the administrator brute force attempt: "The request was discarded by a third-party extension DLL file"
How does this happen? I expected that the administrator connection attempt would be denied before contacting Azure AD or before the login was attempted through on-premises AD, because the administrator user is not in the specific security group.
Any ideas? Is this normal behavior when the Azure AD MFA 3rd-party MFA extension is installed?
Thank you so much!
Pieter