How To Setup Cloud RADIUS for Microsoft Cloud PKI Intune in Azure

10 Jun 2024

How To Setup Cloud RADIUS for Intune With Microsoft Cloud PKI

While Microsoft just released Microsoft Cloud PKI, they have not announced any plans to release a RADIUS service. To help Microsoft customers we have made our cloud RADIUS service work with Microsoft’s Cloud PKI. If you have not yet set up Microsoft’s Cloud PKI, You might want to checkout EZCA an Intune compatible Certificate Authority built by Ex-Microsoft and Ex-Google engineers that works with any MDM.

Step 1: Register EZRADIUS Application

The first thing we must do is use a Global Administrator account to register the Keytos application and the EZRadius application. This step allows EZRADIUS to authenticate your users securely.

Step 2: Create EZRADIUS Cloud RADIUS in Azure

Now that we have registered the applications in Entra ID, let’s create EZRADIUS in Azure (While we are creating it in Azure we are not creating any resources, all servers are hosted by Keytos, this is only used for billing). If you prefer, you can also do this directly in the EZRADIUS portal.

Search Marketplace: In the Azure portal, search for EZ RADIUS and select your preferred plan.
Enter Subscription Details: Provide the subscription name, resource group, and review and create the subscription.
Configure Account: Once the subscription is active, configure your account by logging into the EZRADIUS portal with your Azure credentials.
Select your Cloud RADIUS Instance Location: Last we are going to select the location where to deploy EZRADIUS. If you want to deploy in a region that is currently not available, email sales@keytos.io and request that location.

Step 3: Configure you Cloud RADIUS Settings

After setting up your EZRADIUS instance, bookmark the instance URL for easy access. Next, if Needed, you can go to the settings page and configure your access (who is an owner of the RADIUS server, Network administrador, or even just log reader) and RADIUS SIEM Connection, Even if you are not using a SIEM, you can push your logs to an Azure log analytics workspace and use our RADIUS Log Analytics Dashboard to have a better view of your logs.

Step 4: How to Create RADIUS Access Policies

Now that we have fully configured our Cloud RADIUS subscription, we have to create the RADIUS Access Policies that will define the access to our network. For Microsoft Cloud PKI, you will Setup your CA Trust as a local CA, and for the server certificate, you can use our integrated server certificate creation

Step 5: How To Configure RADIUS on Network Devices

Now that we have created the RADIUS policies, we need to configure our network devices to use the Cloud RADIUS server. In this section of the documentation we have the network devices for the most common vendors.

Step 6: How To Configure Wi-Fi Authentication in Intune

After creating the RADIUS policies and connecting the RADIUS server to your network, you probably want to use Intune to distribute the RADIUS Wi-Fi profile to your devices. This way, you can have a seamless experience for your users.

Conclusion - Setting up Wifi Certificate Authentication with Microsoft Cloud PKI and Cloud RADIUS is Easy

By following these steps, you can effectively set up RADIUS authentication with Microsoft Cloud PKI and Intune, enhancing your network security and certificate management. For more information, check out the documentation linked below. If you have any questions, feel free to reach out. Thank you for reading, and stay tuned for more tutorials!