Congratulations! You are moving your infrastructure to the Cloud and you are trying to get rid of the painful to manage services such as NPS Server and even your ADCS (if you are using EAP-TLS certificate based authentication). One way to move our RADIUS to the cloud is to move your NPS Server to the cloud, but then you are still managing “On-Prem” Infrastructure and you are not taking advantage of the cloud and you can’t really authenticate your cloud only devices. Instead, we recommend using a Cloud RADIUS Service that can speak to your Intune and Entra ID and authenticate your users/devices to your network. In this blog, we will cover how you can set up Wi-Fi authentication with Intune and Cloud RADIUS.
Well now that we have decided that we are going to use a Cloud RADIUS Service, we need to choose which one to use. There are many Cloud RADIUS options out there, but we recommend using EZRADIUS as it is built by ex-microsoft the best Cloud RADIUS Service for Intune and Entra ID. EZRADIUS is a fully managed RADIUS service that integrates with Intune and Entra ID, allowing you to authenticate your users/devices to your network without the need for NPS or ADCS.
If you are already using Intune to manage your devices, you can automate the Wi-Fi authentication process by configuring certificate based authentication to the network. This is the most secure way to authenticate your devices to the network and it is also the most efficient way to manage your devices since Intune takes care of everything and the users don’t have to do anything (Which as an IT professional you know the pain of involving users). For this you have:
The Device Issue a Certificate Through SCEP: You can use Intune to connect your devices to a SCEP server and issue a certificate to the device. This certificate will be used to authenticate the device to the network. Learn how to set up SCEP in Intune.
Configure Your RADIUS Server: Unfortunately, Networking devices are not smart enough to understand certificate based authentication (they are too busy building AI tool for their investors, I mean for the consumers of course) so you need to configure your RADIUS server to accept certificate based authentication. Learn how to set up EZRADIUS EAP-TLS. and connect cloud RADIUS to your networking gear.
Configure the Wi-Fi Profile in Intune with Certificate Based Authentication: Once you have your RADIUS server configured, you can create a Wi-Fi profile in Intune that uses certificate based authentication. Learn how to set up Wi-Fi profile in Intune.
This might sound like a lot of work, but thanks to EZRADIUS and EZCA’s tight integration with Intune, you can set up Wi-Fi authentication in no time. You can see the full setup in this video:
While Certificate based authentication is my preferred method of authentication, I can hear you already yelling me that you don’t want to issue certificates to your devices and you just want to use Entra ID to authenticate your users to the network. Well, you can do that too with EZRADIUS. For that you will only Need to:
Configure Your RADIUS Server: You need to configure your RADIUS server to accept Entra ID authentication. Learn how to set up Entra ID authentication for Wifi.
Configure the Wi-Fi Profile in Intune with Entra ID Authentication: Once you have your RADIUS server configured, you can create a Wi-Fi profile in Intune that uses Entra ID authentication (This will add the server trust and it is a must for iOS and Apple devices since Apple and Microsoft default to different standards). Learn how to set up an Entra ID Wi-Fi profile in Intune.
And just like with certificate based authentication, you can see the full setup in this video:
Wether you want to use certificate based authentication or Entra ID authentication, Keytos can help you secure your network with Cloud RADIUS. Our EZRADIUS service is fully managed and integrates with Intune and Entra ID, allowing you to authenticate your users/devices to your network without the need for NPS or ADCS. If you want to learn more about how you can use EZRADIUS with Intune and Entra ID, schedule a call with one of our engineers or start a free trial.
