Advanced Authentication to VPN along with Risk Service

Can the Risk Service along with Advanced Authentication be configured such that when a VPN User (internal or 3rd Party) if at all connects from a new machine (with 1 or more of following parameters changing - MAC Address, IP Address, Geolocation, Browser type and version, different time from regular VPN access times,.. ) then they should be challenged with a Different Authentication Chain?