Hello @Matthew Riddler · Thank you for reaching out.
The Azure MFA Extension can't work on its own and requires an NPS Server to work with. The NPS extension translates RADIUS calls to HTTP REST calls and forwards them to Azure AD, then translates the response back from REST to RADIUS and passes it to the NPS server. If the request meets the conditions defined in the CAP policy on the NPS server, it gets forwarded to the NPS extension, which facilitates MFA. To achieve your requirement, you may consider one of the options below:
- You can configure the policy conditions, e.g. the policy should apply only to members of a specific Windows group.
- You can also have another NPS server without extension.
- You can configure the IP_Whitelist registry setting to skip MFA for given IP addresses.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.