Netskope Client Triggers MFA

  • 16 December 2022
  • 3 replies
  • 35 views

Badge +1

So, we have an issue in our environment that we've been troubleshooting for several months now.

 

When an Azure managed user locks their PC, the Netskope client drops the filtered subnet assigned to the PC, which then triggers Duo MFA. Unfortunately, this behavior doesn't occur when using the MS Authenticator, but we are fully integrated with Duo and cannot move to MS MFA...

We contacted Netskope support, and they collected logs and proceeded to tell us that the NIC was disabling and that was the issue... along with possibly DNS or our AnyConnect VPN...

 

I can't believe the engineer was so clueless to suggest the NIC was disabling, when we maintain a connection to Azure and show the IP address change in the Sign-In logs, which I provided. Not to mention, DNS has nothing to do with the subnet changing on a device when it goes to sleep. As for the VPN, the behavior is the same regardless of having the VPN running, which was also provided to support.

 

I am at my wits end with Netskope support and am wondering if anyone from the community has had or heard of similar issues???

 


3 replies

Userlevel 3
Badge +12

When you mention that "show the IP address change in the Sign-In logs", are you seeing in the Azure logs that the source IP changes when user unlocks the computer?  Is it changing from the users public IP to a Netskope IP?

Userlevel 4
Badge +14

@kevbro1 ask support to check the following feature flag on the backend: "AOAC Support for Windows 10" - and if it is turned off on your tenant, have them turn it on - it should solve the issue you're experiencing(if you have not resolved it yet)

Badge +1

The problem turned out to be AOAC

Out team didn't notify anyone when they enabled it and we've resolved it now.

 

Thanks!

Reply