RADIUS Authentication with Microsoft Office 365

Written by Vince Lujan on October 6, 2017

Share This Article

Updated on January 31, 2024

A common trend in modern IT is a market-wide shift to the cloud. For many organizations, that means leveraging a cloud computing platform like Microsoft 365 (M365), formerly known as Office 365. M365 is the cloud version of the Microsoft Office Suite. It provides various applications and resources that most people are very familiar with like Word, Excel, PowerPoint, and Outlook.

While cloud productivity platforms like M365 have dramatically increased productivity by enabling users to be more agile and adaptable to the rapid changes in IT, there are still significant issues with on-prem network connectivity and infrastructure. Securing WiFi networks and cloud-based identities has become an essential aspect of an organization’s overall security posture.

One of the best approaches to securing cloud resources is by managing access to the network itself with the Remote Authentication Dial-In User Service (RADIUS). RADIUS allows organizations to require unique login credentials for each user on the network – eliminating the dangers of a shared WiFi password. However, the last thing that users want is another set of credentials to remember. That’s why a lot of IT admins ask us how to implement RADIUS authentication using their existing M365 user credentials.

Why RADIUS is Important

Before we can answer that question, it’s important to understand why RADIUS is important. It’s safe to say that most modern organizations are using WiFi. The benefits to doing so are obvious, but WiFi networks don’t come without their own set of risks and challenges. Perhaps the greatest challenge comes from managing WiFi authentication to prevent unauthorized individuals from accessing the network.

Most organizations attempt to resolve this issue with ashared SSID and password. This approach can be effective in some cases. If an organization is small enough it might be easier to simply change the password and let everyone know. However, this approach is far from ideal – especially as an organization grows. For example, this approach means that anyone with the SSID and password can potentially access the an organization’s network resources. Unfortunately, that can include unwanted users like disgruntled former employees, former guests, really anyone that had access at one point but no longer should.

This is where RADIUS authentication can make a huge difference. RADIUS works by assigning unique credentials for individual user authentication and access. There is no need for a shared SSID and password because each user leverages their own unique credentials for access. As a result, access to the network and subsequently an organization’s protected resources are much more secure.

RADIUS Authentication with Microsoft 365

WiFi Security

IT admins have two primary options for implementing RADIUS authentication in M365.

The first approach is with Microsoft Active Directory (AD). This model can make sense for organizations that already have an existing AD implementation, but it will still require IT to implement a RADIUS server. For organizations that don’t have Active Directory, this approach means investing a huge amount of time and money for a relatively small reward. An AD instance requires on-prem infrastructure (e.g. hardware, software, VPNs, etc.). This translates to a lot of added costs and management overhead.

The modern approach is to leverage a modern open directory platform such as the one offered by JumpCloud. This comprehensive cloud directory service takes the heavy lifting out of RADIUS authentication with M365 by delivering the full functionality of the platform from the cloud. That means no more on-prem infrastructure to purchase, implement, or maintain. In fact, a wireless access point (WAP) is typically the only on-prem infrastructure required.

It works by leveraging the directory’s M365 directory sync feature to first integrate M365 identities into the JumpCloud administrative console. IT admins can then use JumpCloud’s Cloud RADIUS functionality to empower their users to leverage their core user identities to gain access to the network. IT admins simply point their WAPs at the JumpCloud managed RADIUS servers and the connected directory takes care of the rest.

The best part is that Cloud RADIUS is but one functionality of JumpCloud’s Directory Platform. IT admins can also take advantage of the wide array of other user and device management capabilities native to the platform at no added cost.

Learn More about RADIUS Authentication with JumpCloud

To test out how JumpCloud’s open directory platform enables RADIUS authentication with Microsoft 365, sign up for a trial of JumpCloud today. If you’d like additional information, feel free to consult JumpCloud’s Knowledge Base, or drop us a line.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.

Continue Learning with our Newsletter