Configure MikroTik VPN using Radius and NPS on Windows AD

Configure NPS on a Domain controller:
(Based on Windows Server 2019)
Install NPS Role
open NPS admin console
Select “RADIUS server for Dial-Up or VPN Connections” and click “Configure VPN or Dial-Up
Select “VPN Connections” and click Next
Click “Add” and fill in details as required (IP must be the IP of the router)
Take note of the Shared Secret
Click next on the rest of the screens (add groups as required)

Note: Before users will be able to authenticate using Radius “Allow Access” on the “Dial-in” Tab for the user in AD will need to be selected as “Control Access throught NPS Network Policy” does not work at least for Windows Server 2016 and above.

on the Mikrotik:
Click “Radius” then “+”
Complete the following:
Service: ppp
Domain: domain
Address: IP of NPS Server
Secret: Password defined while setting up NPS
Src Address: The IP of the interface (Must match the IP Specified in while setting up NPS)

Add the following rule in the firewall:
chain: input, Action: Accept, Protocol: TCP, Dst. Port: 1723
chain: input, Action: Accept. Protocol: 47 (gre)