• Install a new NPS Server ( cannot be existing as MFA will take over existing requests such as Wifi! ) 
• Installed Azure AD NPS Plugin and Enroll in Azure AD
• Add a Radius Client to the NPS server of the IP ( VIP ) of the Netscaler 
• Add the Radius server in Authentication – Set Timeout to 10Seconds , set Password to MsChapv2 Set NASID to MFA
• NPS Server Policies

If you must use MS-CHAPv2, you can enable NTLMv2 authentication by adding this registry entry:

1. Select Start > Run, type regedit in the Open box, and then select OK.
2. Locate and select the following registry subkey:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
3. On the Edit menu, point to New, and then select DWORD Value.
4. Type Enable NTLMv2 Compatibility, and then press ENTER.
5. On the Edit menu, select Modify.
6. In the Value data box, type 1, and then select OK.
7. Exit Registry Editor.