Authenticating wireless access points \ RADIUS through Azure AD
I would like to see Authenticating wireless access points \ RADIUS servers through Azure AD, not having to store user accounts in local Active Directory
Michaël VdS commented
Create a new resource and search for "RADIUS 2016 Server - Wireless Authentication NPS"
Cloud Infrastructure Services company launched a VM with the role already up and released a tutorial on their site, following the principles I've posted before.
Hope it helps
Upvote this too: Support NPS/RADIUS for Azure AD Domain Services
@David Harris, I'm with you David.
David Harris commented
Azure Radius as a service. Of course I can (have) spin up some VMs, install NPS, maybe add a load balancer, manage and patch the VMs, but this all seems overkill in this day and age. My current requirement for Meraki radius auth should be as simple as talking to a service in Azure, right?
Anonymous, AzureAD updates passwords and their hashes on AADDS. I have that running.
I agree with you with not receiving early password expiration notifications.
Also looking for this functionality. We have the same setup as Antonio Soares. This solution works, however, there is a catch-22 with password changes because AADDS is not a writeable directory. Also, as Azure portal users do not get any notifications from Azure AD that the password is going to expire, it makes things even worse.
This is a must for us to move away from the traditional AD.
Rakesh Upadhyay commented
Can Azure VPN (P2S) authenticate with user name & password stored in Azure AD, or can RADIUS running as Azure IaaS VM talk to AAD for P2S Auth?
Still working today and other fellow colleagues that read this thread are also using this workaround.
So few needed to have this working, MS.
Jason Wilson commented
Yes please. Your customers would literally throw money at you.
Great idea to deliver Radius as a Service via Azure AD. Our wifi authentication through 802.11X is one thing preventing us from moving away from traditional AD.
PLEASE add this feature! With Meraki devices you can auth with Google for wireless access in a company, which is great for G Suite users, but no such luck with Office 365 / Azure. You can use something like Jumpcloud that offers RADIUS as a service, but it is a workaround for old school tech.
Jimmie Martin commented
Yes please! Time to start finalising functionality in AAD - everyone loves it.
A scenario: a hard requirement for us is to use Azure MFA with AWS Workspaces. AWS Workspaces only supports Radius Auth as 2FA, not modern authentication (OAuth).
Available in the existing infrastructure: ADFS, AAD Connect, Azure AD Premium. Reading what Antonio has described, theoretically we can utilize Radius (MSCHAPv2) in Azure AD Domain Services if we also start syncing the Kerberos hashes to the cloud.
I would love to see this confirmed by Microsoft. It will be a huge benefit for MS also to mention that not only the legacy protocols like NTLM/Kerberos are supported, but also Radius authentication. At that moment there are very few boundaries left with a journey to the cloud...
@Anthony - can I ping you offline? I have a question about your config.
Branislav Susa commented
This is a must. Please push this forward.
Microsoft, please take this into account and deliver a working solution, please!
Hi, fellow colleagues.
I have a working solution using AzureAD + AADDS + NPS VM on Azure.
Implement Azure Directory Services, peer VNETS between AADDS and Virtual machines and domain join a VM to AD.
Install NPS and use a valid public certificate to identify NPS on PEAP.
Build a VPN from Azure VM VNET to on-prem.
Register radius clients, as usual, in NPS and configure policies.
There is no way to use digital certificates for auth, as a local CA cannot be registered in AD as AD Enterprise CA.
Use LEAP + MSCHAP v2.
I'm authenticating users on wireless, SSH for privileged access and firewall auth.