Info: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

The Network Policy Server (NPS) extension for Azure AD Multi-Factor Authentication adds cloud-based MFA capabilities to your authentication infrastructure using your existing servers. With the NPS extension, you can add phone call, text message, or phone app verification to your existing authentication flow without having to install, configure, and maintain new servers.

The NPS extension acts as an adapter between RADIUS and cloud-based Azure AD Multi-Factor Authentication to provide a second factor of authentication for federated or synced user

• Open elevated Powershell prompt
• Go to C:\Program Files\Microsoft\AzureMfa\Config
• Run the script AzureMfaNpsExtnConfigSetup.ps1
• This will ask to enter a Global admin username password
• Also will ask for tenant ID of the customer
• The name of the certificate that is due to expire is actually the tenant ID , you can also find the tenant ID in Azure AD under properties (see below)