Integration has been done based on this guide - Microsoft Azure Multi-Factor Authentication (MFA)
General idea seems to be working - IKEv1/PAP is fine, but IKEv2/EAP-MSCHAPv2 is not connecting properly. If using local ClearPass user - VIA connects fine. If MFA request can be accepted successfully really quick (around 5 seconds or so) - connects sucessfully. But normally VIA times out with error -8980 and connection fails.
Will not jump into troubleshooting logs, but I have a feeling VIA IPSec session times out before receiving RADIUS response. RADIUS timeouts have been tuned on controller/ClearPass side to 30 seconds, but is there anything that may have not been mentioned in the guide regarding timers?
AOS: 10.4.1.1
CP: 6.10.8