We use Microsoft MFA for two-factor authentication (2FA). MFA can be used as a RADIUS server so I created a Service in my CPPM to use MFA as the authentication source. When I attempt to authenticate to a device now, I get the expected phone call from MFA and I enter my PIN as required for that system. MFA logs indicate I passed authentication but CPPM is showing a failed auth message. What am I missing? Are there specific vendor-specific attributes (VSAs) I need to configure for MFA to send back to CPPM?