I currently run a Windows NPS server with the Azure MFA plugin and it works perfectly for SSTP and L2TP Authentication.
In looking to remove the use of the shared IPSec secret, I attempted to get IKEv2 Radius authentication working however it doesn't seem to work. In the NPS logs, the following is printed:
"NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User <username> with response state AccessReject, ignoring request."
This message also appears if attempting to perform Radius authentication using OpenVPN.
Along with the inability to set the mode-config for IKE2 authentication, this is currently limiting me from removing the need for L2TP.