While Microsoft just released Microsoft Cloud PKI, they have not announced any plans to release a RADIUS service. To help Microsoft customers we have made our cloud RADIUS service work with Microsoft’s Cloud PKI. If you have not yet set up Microsoft’s Cloud PKI, You might want to checkout EZCA an Intune compatible Certificate Authority built by Ex-Microsoft and Ex-Google engineers that works with any MDM.
The first thing we must do is use a Global Administrator account to register the Keytos application and the EZRadius application. This step allows EZRADIUS to authenticate your users securely.
Now that we have registered the applications in Entra ID, let’s create EZRADIUS in Azure (While we are creating it in Azure we are not creating any resources, all servers are hosted by Keytos, this is only used for billing). If you prefer, you can also do this directly in the EZRADIUS portal.
After setting up your EZRADIUS instance, bookmark the instance URL for easy access. Next, if Needed, you can go to the settings page and configure your access (who is an owner of the RADIUS server, Network administrador, or even just log reader) and RADIUS SIEM Connection, Even if you are not using a SIEM, you can push your logs to an Azure log analytics workspace and use our RADIUS Log Analytics Dashboard to have a better view of your logs.
Now that we have fully configured our Cloud RADIUS subscription, we have to create the RADIUS Access Policies that will define the access to our network. For Microsoft Cloud PKI, you will Setup your CA Trust as a local CA, and for the server certificate, you can use our integrated server certificate creation
Now that we have created the RADIUS policies, we need to configure our network devices to use the Cloud RADIUS server. In this section of the documentation we have the network devices for the most common vendors.
After creating the RADIUS policies and connecting the RADIUS server to your network, you probably want to use Intune to distribute the RADIUS Wi-Fi profile to your devices. This way, you can have a seamless experience for your users.
By following these steps, you can effectively set up RADIUS authentication with Microsoft Cloud PKI and Intune, enhancing your network security and certificate management. For more information, check out the documentation linked below. If you have any questions, feel free to reach out. Thank you for reading, and stay tuned for more tutorials!