Forum Discussion
F5 APM with Microsoft Authenticator
Hi Rohit,
I've got Google Authenticator working but I'm unsure of what I need to change in the code to use Microsoft Authenticator.
Any help would be greatly appreciated.
- Stanislas_Piro2, Feb 06, 2018, Cumulonimbus
As explained above, there is nothing to do!
Both apps generate the same time-based password for the same key!
- Rohit_Singla_17, Feb 06, 2018, Nimbostratus
Yes, just scan the QR code using any app: Google, Microsoft, Authy all work fine.
- Donamato_01_150, Feb 07, 2018, Nimbostratus
Thanks, spot on, all working!
- HJMartini_13991, Jan 10, 2019, Nimbostratus
Can I use Microsoft Authenticator (smartphone MS Authenticator app) with a kind of challenge-response? Because I will not ask for the token within my APM logon page. The user should only "accept the authentication with the MS Authenticator app".
- Daniel_W__13795, Jan 11, 2019, Nimbostratus
I have the same requirement, using Azure MFA (challenge-response) with APM.
One solution that works is to use an MS NPS server with the Azure MFA plugin. You can authenticate with AD / Kerberos / LDAP to your local domain on APM and then request MFA with the username (password can be empty) via RADIUS to the NPS.
I'm unhappy with that solution because I can't provide any feedback to the user. As soon as I trigger the RADIUS request in APM, the page waits in the "Loading" state. A solution with a better user experience would be nice.
Any hints appreciated.
- HJMartini_13991, Jan 14, 2019, Nimbostratus
Now I have the solution with Microsoft NPS implemented and it works with the Microsoft Authenticator app. It's important to set up the right options in Azure for the users to use the Authenticator app. You can configure inside the Azure user accounts how the requests from the on-premises NPS (RADIUS) will be handled. So you can use "enable", "disable" and "restrict". And the user has to configure his own Microsoft Authenticator app during the initial installation and setup process. The user account in Active Directory (on-prem) has to be set up for remote access and the NPS options (setting inside the AD user account). Your F5 APM policy should have a RADIUS Auth after the AD Auth. The RADIUS Auth connects to the on-prem RADIUS (NPS). And on the NPS you have to configure a policy for the F5 access as a RADIUS client (don't forget to configure a NAS-ID, e.g.) and a policy for the RADIUS flow. I use https://docs.microsoft.com/de-de/azure/active-directory/authentication/ for MFA setup in Azure.