I am testing MFA for VPN with the folowing guide

Enrollment with google authenticator worked fine.

The problem I am having is that I create a policy in the NPS, I get it to validate against the domain but it does not ask me for the second factor.

I am using Cisco ASA (any connect client) + NPS

They have some more detailed guide on how to configure the policy in the NPS