How can we improve Azure Active Directory?

Authenticating wireless access points \ RADIUS through Azure AD

I would like to see Authenticating wireless access points \ RADIUS servers through Azure AD, not having to store user accounts in local active directory

628 votes

Aman Sahota shared this idea

64 comments

  • Antonio Soares commented

    Hi,

    check Azure.
    Create a new resource and search for "RADIUS 2016 Server - Wireless Authentication NPS"
    Cloud Infrastructure Services company launched a VM with the role already up and released a tutorial on their site, following the principles I've posted before.

    https://cloudinfrastructureservices.co.uk/how-to-setup-radius-server-2016-in-azure-for-wireless-authentication/

    Hope it helps

  • David Harris commented

    Azure Radius as a service. Of course I can (have) spin up some VMs, install NPS, maybe add a load balancer, manage and patch the VMs, but this all seems overkill in this day and age. My current requirement for Meraki radius auth should be as simple as talking to a service in Azure, right?

  • Antonio Soares commented

    Anonymous, AzureAD updates passwords and their hashes on AADDS. I have that running.
    I agree with you with not receiving early password expiration notifications.

  • Gerry commented

    Also looking for this functionality. We have the same setup as Antonio Soares. This solution works, however, there is a catch-22 with password changes because AADDS is not a writeable directory. Also, as Azure portal users do not get any notifications from Azure AD that the password is going to expire, it makes things even worse.

  • Rakesh Upadhyay commented

    Can Azure VPN (P2S) authenticate with user name & password stored in Azure AD, or can RADIUS running as an Azure IaaS VM talk to AAD for P2S auth?

  • Antonio Soares commented

    Still working today and other fellow colleagues that read this thread are also using this workaround.

    So few needed to have this working MS.
    Push it!!

  • Simon commented

    Great idea to deliver Radius as a Service via Azure AD. Our wifi authentication through 802.11X is one thing preventing us from moving away from traditional AD.

  • Keith commented

    PLEASE add this feature! With Meraki devices you can auth with Google for wireless access in a company which is great for G Suite users but no such luck with Office 365 / Azure. You can use something like Jumpcloud that offers RADIUS as a service but it is a workaround for old school tech.

  • Rochen commented

    A scenario: a hard requirement for us is to use Azure MFA with AWS Workspaces. AWS Workspaces only supports Radius Auth as 2FA, not modern authentication (oAuth).

    Available in the existing infrastructure are: ADFS, AAD Connect, Azure AD Premium. Reading what Antonio has described, theoretically we can utilize Radius (MSCHAPv2) in Azure AD Domain Services if we also start synching the Kerberos hashes to the cloud.

    I would love to see this confirmed by Microsoft. It will be a huge benefit for MS also to mention that not only the legacy protocols like NTLM/Kerberos are supported, but also Radius authentication. At that moment there are very few boundaries left with a journey to the cloud...

  • Antonio Soares commented

    Hi, fellow colleagues.
    I have a working solution using AzureAD + AADDS + NPS VM on Azure.
    Implement Azure Directory Services, peer VNETS between AADDS and Virtual machines and domain join a VM to AD.
    Install NPS and use a valid public certificate to identify NPS on PEAP.
    Build a VPN from Azure VM VNET to on-prem.
    Register radius clients, as usual, in NPS and configure policies.
    There is no way to use digital certificates for auth, as a local CA cannot be registered in AD as AD Enterprise CA.
    Use LEAP + MSCHAP v2.
    I'm authenticating users on wireless, SSH for privileged access and firewall auth.
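
The NPS-side steps of the workaround in the comment above (install NPS, use a valid certificate for PEAP, register RADIUS clients), as an added PowerShell example that is not part of the thread or any commenter's own configuration. The client names, addresses and certificate subject are constructed placeholders; it assumes an elevated session on the domain-joined VM, and network policies are still configured separately in NPS.

```powershell
# Added example. Placeholders below are constructed, not taken from the thread.
$RadiusClients = @(
    @{ Name = 'ap-floor1-EXAMPLE'; Address = '10.0.10.11' },
    @{ Name = 'fw-edge-EXAMPLE';   Address = '10.0.10.1'  }
)
$CertSubjectMatch = 'nps.example.com'      # placeholder subject of the public certificate
$ServerAuthOid    = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU

# 1. Install the Network Policy Server role if it is not present.
if (-not (Get-WindowsFeature -Name NPAS).Installed) {
    Install-WindowsFeature -Name NPAS -IncludeManagementTools | Out-Null
}

# 2. Refuse to continue without a certificate that PEAP clients can validate:
#    private key present, Server Authentication EKU, more than 30 days of validity left.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like "*$CertSubjectMatch*" -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date).AddDays(30) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No usable Server Authentication certificate matching '$CertSubjectMatch' in LocalMachine\My."
}
Write-Host "PEAP certificate: $($cert.Thumbprint), expires $($cert.NotAfter)"

# 3. Register each RADIUS client with its own random 256-bit shared secret,
#    so a secret recovered from one device does not expose the others.
function New-SharedSecret {
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

$existing = @(Get-NpsRadiusClient | ForEach-Object { $_.Name })
foreach ($client in $RadiusClients) {
    if ($existing -contains $client.Name) { continue }   # leave existing entries untouched
    $secret = New-SharedSecret
    New-NpsRadiusClient -Name $client.Name -Address $client.Address -SharedSecret $secret | Out-Null
    # Emit once so the secret can be entered on the device and stored in a vault.
    [pscustomobject]@{ Name = $client.Name; Address = $client.Address; SharedSecret = $secret }
}
```

The emitted shared secrets appear only in this session's output; avoid running the script under transcript logging.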
