With so much focus from Microsoft® on creating Azure® Active Directory® services and variants, a common question is whether Microsoft currently offers cloud RADIUS as a service through Azure. The short answer is no. Unfortunately, Azure’s AD services do not include a hosted RADIUS solution, nor do they work easily for managing access to VPNs and on-prem WiFi networks.
IT admins can certainly build out their own RADIUS services by using a FreeRADIUS server or Microsoft NPS server within Azure, but is it really worth it? Building out RADIUS architecture and then using VPNs to connect networking equipment (on-prem and elsewhere) to those self-managed RADIUS servers within Azure requires serious management and maintenance. While this path is technically possible, many IT admins are looking for a SaaS RADIUS offering that is more turnkey. Let’s explore the need for a cloud RADIUS solution and consider some practical alternatives to avoid having to stand up your own Azure-based RADIUS infrastructure.
Modern Cyber Security Needs RADIUS
First of all, why has managing WiFi network access become such a hot topic around IT? In 2019, one survey found that 64% of SMBs claim to have suffered a cyber attack. Therefore, it should come as no surprise that cyber security is seen by 89% of organizations as one of the top five priorities for their organization.
As IT organizations push harder on locking down their VPN and WiFi network access, a RADIUS-based solution is often considered. Both VPN and WiFi equipment seem to work best with the RADIUS protocol to uniquely authenticate users to the network. While other protocols are also possible (namely LDAP), the networking heritage of VPN and wireless access point (WAP) manufacturers pushes most organizations to leverage RADIUS when thinking about management efficiency and leveling up security.
So, how does RADIUS work? As shown below, the general architecture flows as follows: the networking equipment passes along authentication requests via the RADIUS protocol to a RADIUS server, which subsequently integrates with the core identity provider to validate user credentials. Assuming a positive authentication, (Read more...)
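The request flow described above, sketched as an added example that is not part of the original article: the networking equipment (NAS) builds an RFC 2865 Access-Request, the RADIUS server recovers the hidden password and checks it against an identity store, and the NAS verifies the reply. `SECRET`, `DIRECTORY` and all function names are constructed for illustration; a real deployment would query the identity provider instead of a dictionary.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # constructed NAS<->server shared secret
DIRECTORY = {"alice": "correct horse",  # stand-in for the identity provider
             "bob": "a-much-longer-passphrase-here"}

def _keystream_xor(data, prev, hiding):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    out = b""
    for i in range(0, len(data), 16):
        key = hashlib.md5(SECRET + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = block if hiding else data[i:i + 16]   # chain on ciphertext
        out += block
    return out

def access_request(user, password, ident=1):
    """NAS side: build an Access-Request (code 1) with a hidden User-Password."""
    ra = os.urandom(16)                              # Request Authenticator
    pw = password.encode()
    pw = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")  # pad to 16n bytes
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in
                     ((1, user.encode()), (2, _keystream_xor(pw, ra, True))))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs

def handle(packet):
    """Server side: parse attributes, recover the password, ask the directory."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    ra, attrs, pos, end = packet[4:20], {}, 20, min(length, len(packet))
    while pos + 2 <= end and packet[pos + 1] >= 2:   # type, length, value
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    user = attrs.get(1, b"").decode(errors="replace")
    pw = _keystream_xor(attrs.get(2, b""), ra, False).rstrip(b"\x00")
    known = DIRECTORY.get(user)
    ok = code == 1 and known is not None and hmac.compare_digest(known.encode(), pw)
    header = struct.pack("!BBH", 2 if ok else 3, ident, 20)  # Accept / Reject
    return header + hashlib.md5(header + ra + SECRET).digest()

def nas_accepts(reply, request):
    """NAS side: check the Response Authenticator, then the reply code."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + SECRET).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[0] == 2
```

The password never crosses the wire in cleartext, but its protection and the reply's integrity both rest entirely on the shared secret between the networking equipment and the RADIUS server.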