What is Microsoft® Windows® NPS (Network Policy Server)?
Network security is a critical requirement for today’s IT organizations. As such, IT admins are considering their options for managing network access, which include the use of Windows NPS. But what is it?
What is Microsoft Windows NPS?
Windows Network Policy Server is a feature of the Windows Server software. Effectively, the NPS role for Windows Server is to act as a RADIUS server that authenticates network access against the identity provider, Microsoft Active Directory® (AD). For those who are familiar with FreeRADIUS, think of Windows NPS as Microsoft’s proprietary counterpart to FreeRADIUS (it isn’t clear that Microsoft has used the FreeRADIUS code base, but NPS has rather similar functions).
Microsoft created the Network Policy Server to give IT organizations the ability to authenticate client devices through various network access points, such as WiFi, VPN, and 802.1X switches. Generally, network access equipment, such as VPNs and wireless access points, prefers the RADIUS protocol, so NPS essentially acts as a converter between RADIUS and AD. If an NPS server is placed within an Active Directory domain, it integrates seamlessly and authenticates network access via AD.
Essentially, the logical flow is that a user accesses a WiFi access point or VPN and submits their username and password, which is forwarded on to the Microsoft NPS server via the RADIUS protocol. The NPS server will then check the credentials against Active Directory, determining whether the user should be allowed access or not. This approach allows IT admins to seamlessly integrate their non-Windows-based network access equipment to authenticate with AD.
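The flow described above, carried through at the packet level as an added example (not code from the original article or from Microsoft): the access point builds a RADIUS Access-Request with the password hidden per RFC 2865, and the server recovers it, checks it and returns a signed Access-Accept or Access-Reject. It assumes PAP-style password authentication; `SECRET` and `DIRECTORY` are constructed sample values, with the dictionary standing in for the Active Directory check.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"                    # constructed sample value
DIRECTORY = {b"alice": b"correct horse battery staple"}  # constructed stand-in for the AD check

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with a chained MD5 keystream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, username, password, secret, authenticator=None):
    """Access point / VPN side: wrap the user's credentials in an Access-Request."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([USER_NAME, 2 + len(username)]) + username + bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(attrs), authenticator) + attrs

def handle_access_request(packet, secret, directory):
    """RADIUS server side: recover the credentials, check them, return the signed reply."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    ident, authenticator, attrs, pos = packet[1], packet[4:20], {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    password = unhide_password(attrs.get(USER_PASSWORD, b""), secret, authenticator)
    expected = directory.get(attrs.get(USER_NAME))
    ok = expected is not None and hmac.compare_digest(expected, password)
    reply = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return reply + hashlib.md5(reply + authenticator + secret).digest()
```

In this exchange the password is protected only by the MD5 keystream derived from the shared secret, so the strength of that secret decides how well the credentials are protected between the access point and the server.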
NPS Shortcomings
While this approach worked well for a number of years, as the IT landscape shifts to the cloud, there is a great deal of concern over whether a Microsoft Windows NPS server is actually required anymore.
See, avoiding vendor lock-in and adopting cloud-forward attitudes are driving IT organizations away from traditional forms of network management like AD and NPS. This paradigm shift is increasing the number of “as-a-Service” offerings on the market, but options for network management-as-a-Service are limited.
Thankfully, a new generation of cloud identity management is replacing components such as Network Policy Server and Active Directory with RADIUS-as-a-Service. What’s more, this RADIUS-as-a-Service is a part of a larger, SaaS-delivered identity provider called Directory-as-a-Service®, from JumpCloud®.
Replace NPS with RADIUS-as-a-Service
Admins leveraging JumpCloud’s RADIUS-as-a-Service can authenticate end user network access regardless of the system (Windows, Mac®, Linux®) they use or the location they use it in. RADIUS-as-a-Service also offers other features such as MFA for RADIUS and VLAN tagging, allowing IT organizations to completely secure their users’ network access.
Since it is a part of a greater Directory-as-a-Service, RADIUS-as-a-Service is completely integrated with a cloud identity provider, making it a comprehensive Windows NPS and Active Directory replacement. Directory-as-a-Service also authenticates user access to their systems, applications, servers, and more from a single browser console.
Try RADIUS-as-a-Service Free
Your organization can take advantage of RADIUS-as-a-Service and the rest of the Directory-as-a-Service product absolutely free for up to ten users. Simply sign up for JumpCloud and start exploring at no charge. You can also purchase RADIUS on its own at a discounted rate. Please feel free to contact us if you would like more information.