Microsoft® Windows® NPS Alternative

By Vince Lujan Posted July 12, 2019

Windows NPS

As IT admins look for RADIUS server options, many are looking for a Microsoft® Windows® NPS alternative. The on-prem open source FreeRADIUS solution is usually the obvious choice, which has served as a RADIUS server for many years. So, how does FreeRADIUS compare to Windows NPS? We’ll discuss that further down the page, but first, let’s outline Windows NPS and why admins are looking for an alternative. 

Overview of Windows NPS

Windows NPS (Network Policy Server) is Microsoft’s solution to a RADIUS server. It lives as a Windows Server role. Windows Server is Microsoft’s operating system for enterprise server workloads (usually hosted in data centers), and included within Windows Server is, of course, Active Directory® (AD) as well.

Microsoft created their proprietary RADIUS implementation (i.e., NPS) to help authenticate and manage access to network infrastructure such as VPNs, WiFi, switches, routers, and more. The idea was to enable IT admins to connect their users to network infrastructure gear with seamless integration into AD, usually their core identity provider (IdP).

For Windows-based, on-prem networks, the Windows NPS solution provides another capability in an already fairly robust infrastructure for identity and access management (IAM). As most already know, Active Directory is widely regarded as the legacy, on-prem market share leader in directory services. 

Yet, IT admins also know that a Microsoft identity management implementation is partial to Windows infrastructure. Even their new Azure Active Directory® (Azure AD) solution—which is not a cloud replacement to AD—functions more as an extension to on-prem AD for Azure, another Microsoft solution rather than a cloud directory service.

So, it’s really no surprise that admins are looking for a Windows NPS alternative. After all, modern networks are leveraging a wide variety of different network infrastructure equipment including VPNs and wireless access points which aren’t tied to the Windows operating system. Yet, Microsoft is constantly trying to limit your ability to leverage non-Windows platforms by not offering native support.

Essentially, the fact that Microsoft solutions are not designed to work seamlessly with non-Windows resources is a big problem for IT. It is also a problem that could be easily avoided with next generation cloud IAM solutions. Thus, admins are now searching for a Windows NPS alternative that does work seamlessly with modern networks. 

Enter FreeRADIUS

FreeRADIUS is usually the alternative of choice to Windows NPS for IT admins. As a free to use and open source solution, admins can connect their users via RADIUS, but without the proprietary Windows focus of Windows NPS. 

Similarly to Windows NPS, FreeRADIUS can also help authenticate and manage access to network infrastructure such as VPNs, WiFi, and more. Further still, IT admins are able to leverage the features of 802.1x and integration into AD or perhaps a different IdP. 

However, it’s important to consider your overall IAM infrastructure before implementing a FreeRADIUS solution. After all, layering a FreeRADIUS solution on top of AD will inherit the limitations of the on-prem legacy IAM platform. Not only that, but RADIUS authentication is only one of many IAM challenges within modern networks. 

So, while FreeRADIUS is a viable alternative to Windows NPS, admins often find themselves wanting more. What they really want is to replace Windows Server / Active Directory as a whole with a next generation alternative in order to expand support for their heterogeneous networks, while retaining all of the IAM functionality (including RADIUS) that they need for their environment. Considering that Microsoft will end support for Windows Server 2008 and 2008 R2 on January 14, 2020, now may be the best time to migrate away from Windows Server, rather than invest in newer versions of the platform that unsurprisingly share the same limitations. 

Windows NPS Alternative

The good news is that there is a Microsoft Windows NPS alternative that solves a number of the challenges that NPS has for modern organizations. The solution, called Directory-as-a-Service®, is a cloud implementation of IAM or, said another way, a reimagination of Active Directory and Windows Server’s identity management capabilities in the cloud. 

In short, Directory-as-a-Service’s cloud RADIUS functionality leverages a global network of FreeRADIUS servers hosted in the cloud. With this cloud directory, IT admins can leverage RADIUS-as-a-Service capabilities to reach a favorable outcome without on-prem infrastructure, nor being tied to the Windows NPS platform. 

Another advantage of JumpCloud RADIUS-as-a-Service is the ability to add multi-factor authentication (MFA) to the RADIUS authentication workflow. The end result is that IT admins can double down on network security via RADIUS and MFA for RADIUS-backed infrastructure—while simultaneously eliminating the need for Windows Server and Windows NPS entirely. 

Learn More About RADIUS-as-a-Service

Create a free account, and check out JumpCloud’s Windows NPS alternative today. Your first 10 users are free forever, and you can demo the full functionality of the Directory-as-a-Service platform at no cost. Contact JumpCloud if you have any questions.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.

Recent Posts