Hi PlayerOne, The easier question first - I am just using ordinary AD security groups and all is working as I've described.
I am using the Azure MFA NPS Extension on our Windows NPS server, being the "central policy server" in NPS speak. RD Gateway is a different server and its authentication is pointing to the NPS "central policy server", soresulting in our RD Gateway using the MFA service. We also have all our external authentication (eg VPN) using Radius so that we can use the Azure MFA service. We use the Azure MFA Server (Legacy PhoneFactor product) only for our secure web site, since no Azure MFA plugin for IIS 10 seems to be available. If someone knows how to get radius authentication for IIS 10 working I'd be really keen to read about it. -David -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
