RADIUS Authentication with Microsoft Office 365

Written by Vince Lujan on October 6, 2017

Share This Article

A common trend in modern IT is a market-wide shift to the cloud. For many organizations, that means leveraging a cloud computing platform like Microsoft Office 365® (O365). O365 is the cloud version of the Microsoft Office Suite. It provides various applications and resources that most people are very familiar with like Word, Excel, PowerPoint, and Outlook.

While cloud productivity platforms like O365 have dramatically increased productivity by enabling users to be more agile and adaptable to the rapid changes in IT, there are still significant issues with on-prem network connectivity and infrastructure. Securing WiFi networks and cloud-based identities has become an essential aspect of an organization’s overall security posture.

One of the best approaches to securing cloud resources is by managing access to the network itself with the Remote Authentication Dial-In User Service (RADIUS). RADIUS allows organizations to require unique login credentials for each user on the network – eliminating the dangers of a shared WiFi password. However, the last thing that users want is another set of credentials to remember. That’s why a lot of IT admins ask us how to implement RADIUS authentication using their existing Microsoft Office 365 user credentials.

Why RADIUS is Important

Before we can answer that question, it’s important to understand why RADIUS is important. It’s safe to say that most modern organizations are using WiFi. The benefits to doing so are obvious, but WiFi networks don’t come without their own set of risks and challenges. Perhaps the greatest challenge comes from managing WiFi authentication to prevent unauthorized individuals from accessing the network.

Most organizations attempt to resolve this issue with ashared SSID and password. This approach can be effective in some cases. If an organization is small enough it might be easier to simply change the password and let everyone know. However, this approach is far from ideal – especially as an organization grows. For example, this approach means that anyone with the SSID and password can potentially access the an organization’s network resources. Unfortunately, that can include unwanted users like disgruntled former employees, former guests, really anyone that had access at one point but no longer should.

This is where RADIUS authentication can make a huge difference. RADIUS works by assigning unique credentials for individual user authentication and access. There is no need for a shared SSID and password because each user leverages their own unique credentials for access. As a result, access to the network and subsequently an organization’s protected resources are much more secure.

RADIUS Authentication with Microsoft Office 365

WiFi Security

IT admins have two primary options for implementing RADIUS authentication in O365.

The first approach is with Microsoft Active Directory® (AD). This model can make sense for organizations that already have an existing AD implementation, but it will still require IT to implement a RADIUS server. For organizations that don’t have Active Directory, this approach means investing a huge amount of time and money for a relatively small reward. An AD instance requires on-prem infrastructure (e.g. hardware, software, VPNs, etc.). This translates to a lot of added costs and management overhead.

The modern approach is to leverage a new solution called Directory-as-a-Service. This comprehensive cloud directory service takes the heavy lifting out of RADIUS authentication with O365 by delivering the full functionality of the platform from the cloud. That means no more on-prem infrastructure to purchase, implement, or maintain. In fact, a wireless access point (WAP) is typically the only on-prem infrastructure required.

It works by leveraging Directory-as-a-Service’s O365 directory sync feature to first integrate O365 identities into the JumpCloud administrative console. IT admins can then use JumpCloud’s RADIUS-as-a-Service functionality to empower their users to leverage their core user identities to gain access to the network. IT admins simply point their WAPs at the JumpCloud managed RADIUS servers and Directory-as-a-Service takes care of the rest.

The best part is that RADIUS-as-a-Service is but one functionality of the Directory-as-a-Service platform. IT admins can also take advantage of the wide array of other user and device management capabilities native to the platform at no added cost.

Learn More about RADIUS Authentication with JumpCloud

To learn more about how Directory-as-a-Service enables RADIUS authentication with Microsoft Office 365, drop us a note. You can also sign up for a free account and secure access to your network with RADIUS-as-a-Service today. Your first ten users are free forever.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.

Continue Learning with our Newsletter