Our great sponsors
-
hawk
Powershell Based tool for gathering information related to O365 intrusions and potential Breaches (by T0pCyber)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Additionally, even if the system supports it, OTP methods presently break the ability to return vendor-specific attributes from the matching NPS policy (so your VPN server can't receive information based on AD groups, for example). This makes in-band MFA less viable even where the client supports it. However, Microsoft released a ridiculous workaround instead of fixing it: put the group based attributes in connection request policies instead of network policies - these work, but CRPs can't be based on groups, so they linked to some script on GitHub that you can make a scheduled task, that stuffs every username from a group into a CRP: https://github.com/OneMoreNate/CrpUsernameStuffing Basically, they have made little effort to enable the NPS MFA extensions to work with in-band methods in a sane and viable way.