I currently have a FortiGate configured for IPSec remote access authenticating via PAP and RADIUS to an NPS server running the MFA Extension - it all works great and I receive the MFA code via SMS but I have a question.

I would like to force the usage of either approve/deny or OTP within the Microsoft Authenticator itself, and stop the SMS method. I've read all over the place that if I add the registry key "OVERRIDE_NUMBER_MATCHING_WITH_OTP" to the NPS server registry that it will return back to the approve/deny or OTP Authenticator method but it refuses and continues to deliver the code via SMS - I've tried this registry key with both TRUE and FALSE values.

I've tried playing around with authentication protocols on both the FortiGate and NPS side but to no avail nothing appears to work.

I am running MFA Extension version 1.2.2893.1 - I've even attempted to try and find a previous version of this extension to see if that fixes my issue. This might also be an issue within my Azure MFA environment too?

FortiGate v7.6.2

Any help will be appreciated!