When adding users to AD manually they usually do not automatically pick up the characteristics needed to allow them to register in Azure for using MFA with VPN.
Use this link to see if the user has registered with MFA. Note that the search is by FIRST NAME only. User registration details
The following are things to check if a user is unable to log in to set their MFA in Azure.
User is in one of the A3 Groups
The user should be added to one of the A3 Fac/Staff User Groups in our local AD (Not Azure). You can check in Azure to see if they are part of the group by going to this link: A3 FacStaff
- Office365 A3 Licensed FacStaff Exceptions
- This group can be manually added to to allow consultants and other users access
- Office365 A3 Licensed FacStaff Users
- This group is automatically added to if the user is a Faculty or Staff employee
extenstionAttribute11
Add this field if the user needs to authenticate with Azure MFA quickly. Adding the user to the groups above will eventually automagically populate this field.
The extensionAttribute11 should be set to "A3 FacStaff".
User Principal Name (In Azure)
Make sure that the name is their NazNet ID and that their domain is naz.edu
User Login Name (UserPrincipalName) in Active Directory
Again, make sure that the login name is the same as the NazNetID or samAccountName and that the domain is naz.edu