Last week, I had a request from a customer whose MFA authentication had suddenly stopped working. The customer then installed the latest NPS MFA extension and also ran the troubleshooting script for MFA, but nothing was found. In the end, he asked me for short-term support. A look at the MFA event log showed a critical error with "CLIENT_CERT_IDENTIFIER", which pointed to the local certificate on the NPS server. The certificate with the Azure tenant ID can be found in the personal certificate store, and it had still been valid until one day before! A new certificate for the Azure Multi-Factor Auth Client must be generated, but how?
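An expiry like this one can be caught before authentication breaks. The following check is an added example, not part of the original post: it assumes the certificate sits in the local machine's Personal store (`Cert:\LocalMachine\My`) and that its subject contains the tenant ID. The tenant ID shown is a placeholder, and the function name and the 30-day threshold are hypothetical.

```powershell
# Added example: report the expiry state of the NPS MFA extension certificate.
# Assumptions: store is Cert:\LocalMachine\My, subject contains the tenant ID.
param(
    [string]$TenantId = '00000000-0000-0000-0000-000000000000',  # placeholder tenant ID
    [int]$WarnDays = 30                                          # hypothetical warning threshold
)

function Get-CertExpiryStatus {
    param([string]$TenantId, [int]$WarnDays, [datetime]$Now = (Get-Date))

    # Select every certificate whose subject carries the tenant ID.
    $certs = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$TenantId*" }

    if (-not $certs) {
        Write-Warning "No certificate with tenant ID $TenantId in Cert:\LocalMachine\My"
        return
    }

    foreach ($cert in $certs) {
        # Whole days until NotAfter; negative means the certificate has expired.
        $daysLeft = [math]::Floor(($cert.NotAfter - $Now).TotalDays)
        $state = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }

        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            State      = $state
        }
    }
}

$results = Get-CertExpiryStatus -TenantId $TenantId -WarnDays $WarnDays
$results | Sort-Object NotAfter | Format-Table -AutoSize

# A missing, expired or soon-to-expire certificate yields a non-zero exit code,
# so a scheduled task or monitoring agent can raise an alert.
if (-not $results -or ($results | Where-Object State -ne 'OK')) { exit 1 }
```

Run it from an elevated PowerShell session on the NPS server so the machine store is readable.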