I have a client who has an Azure/M365 tenant, and all of their devices are joined to Entra ID. They're looking to set up a RADIUS server to authenticate those devices (not users) for connecting to a WiFi network that they don't manage themselves. I know one way to do this could be using a Windows VM with NPS as the RADIUS server. However, I'm looking for guidance on how to authenticate the devices for wireless access instead of going through the user's credentials.
4 Answers
In my experience, using SCEPman alongside a RADIUS service can be quite effective. It helps manage certificates and can assist with device authentication without too much hassle.
One way to go about it is to use certificate-based authentication. It allows devices to authenticate themselves without relying on user credentials. But if that’s not feasible for your situation, you'll have to explore other options.
You could check out EZCA and EZRadius. They’re pretty great tools and offer good integration options for this kind of setup.
Definitely check with the WiFi provider to see what authentication methods they support. It’s best to get their input so you can tailor the solution for your client’s needs.
It's worth noting that the entity managing the wireless network said they specifically need device-based authentication via RADIUS, so certificate-based methods won't work here.