Duo with multiple NPS network policies


#1

Is it possible to have the Duo RADIUS client integrate with multiple NPS policies? For example, I have a policy on NPS for VPN users and another for network device admins. In NPS, the RADIUS client gets assigned a friendly name and then that name gets matched to a policy. Since the Duo server is only one device, it gets mapped to a common friendly name on the NPS server, which would always match one policy.


#2

I did find a solution to my problem, and in case anyone else is interested, this is what I did.

Microsoft NPS can only have one RADIUS client with the same IP. I added the Duo server as the client with a friendly name.

In my NPS policies I added the friendly name as a requirement and also added NAS IPv4. I set up multiple RADIUS clients in the Duo config, and in each one I set nas_ip= to some unique value. This way the policy could get selected based on this value.
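A sketch of what the setup described in #2 can look like in the Duo Authentication Proxy's `authproxy.cfg`, added here as an illustration and not taken from the poster's configuration. All addresses, ports, secrets and keys are constructed placeholders, and the assumption is that each appliance type is pointed at its own `radius_server_auto` listener.

```ini
; Added example. Every value below is a placeholder (documentation address ranges).
; Both clients point at the same NPS server; only nas_ip differs, so NPS can
; tell the two request streams apart with its "NAS IPv4 Address" condition.

[radius_client]
host=198.51.100.10            ; NPS server (placeholder)
secret=<nps-shared-secret>
nas_ip=192.0.2.1              ; constructed value, matched by the VPN users policy

[radius_client2]
host=198.51.100.10            ; same NPS server
secret=<nps-shared-secret>
nas_ip=192.0.2.2              ; constructed value, matched by the device admins policy

; Listener for the VPN appliance, primary auth via [radius_client]
[radius_server_auto]
ikey=<integration-key-vpn>
skey=<secret-key-vpn>
api_host=<api-hostname>
client=radius_client
radius_ip_1=198.51.100.20     ; VPN appliance (placeholder)
radius_secret_1=<vpn-shared-secret>
port=1812
failmode=secure

; Listener for network device admin logins, primary auth via [radius_client2]
[radius_server_auto2]
ikey=<integration-key-admin>
skey=<secret-key-admin>
api_host=<api-hostname>
client=radius_client2
radius_ip_1=198.51.100.30     ; network device (placeholder)
radius_secret_1=<device-shared-secret>
port=1813                     ; each listener needs its own port
failmode=secure

; NPS side (configured in the NPS console, shown here only as a reminder):
;   VPN policy:    Client Friendly Name = <duo-friendly-name>
;                  NAS IPv4 Address     = 192.0.2.1
;   Admin policy:  Client Friendly Name = <duo-friendly-name>
;                  NAS IPv4 Address     = 192.0.2.2
```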