I am testing MFA for VPN with the folowing guide
Enrollment with google authenticator worked fine.
The problem I am having is that I create a policy in the NPS, I get it to validate against the domain but it does not ask me for the second factor.
I am using Cisco ASA (any connect client) + NPS
They have some more detailed guide on how to configure the policy in the NPS