Forum Discussion

merter_319420

Nimbostratus

Oct 14, 2018

View 1.5.5 iApp Access Policy with Microsoft Network Policy Server (NPS) and Azure MFA

Hello, Has anyone set up the VMware Horizon View 1.5.5 iApp to do multi-factor authentication against Azure MFA? We are working through a POC, but have yet to find a full setup guide for this u...

microsoft network policy and access services

Nimbostratus

Oct 15, 2018

I've just done the BIG-IP (13.1)/NPS RADIUS client/Azure part but not the Horizon/iAPP part

These were the most useful resources for me;

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn

Doug_Walton_354

Nimbostratus

Oct 16, 2018

Here is what works for me;

Network Policy

New policy = Grant Access Condition = IP of F5 (check if its your inside interface or floating IP) Access = Grant Authentication = MS-CHAPv2 Framed-Protocol = PPP Service-Type = Framed BAP Percentage of Capacity = Reduce Multilink if server reaches 50% in 2 minutes

*Most of these were default

Connection Request Policy

New policy Conditions = NAS Identifier (Name of your F5 NAS identifier that you may have set in your radius profile) Setting = Authentication Provider (Local Computer)

On the Azure side I'm just using a conditional policy that says, if user is in AD group then do MFA. I'm only using it for remote access at this point.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)