How Can I join an on-premise RADIUS server to Azure AD without having active directory on-premise

Mohammed Shankar 0 Reputation points


i'd like to link my on-prem RADIUS server with AAD , my active directory on Azure. is there any way to do this way?

Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
530 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,598 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Konstantinos Passadis 17,456 Reputation points MVP

    Hello @mohammed shankar !

    Welcome to Microsoft QnA!

    For a Radius Server to work you can do it only with Azure Domain Services

    Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication. You need to enable AAD DS in your Azure environment.

    Azure AD does not support the Radius implementation

    If you could provide more details on the purpose we may provide a way but in general LDAP is not supported on Azure AD - Entra ID , only via Azure Domain Services

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!


  2. JimmySalian-2011 42,066 Reputation points

    Hi Mohammad,

    Yes you can try the handing off authentication requests via the Radius to Azure AD and check the configuration process here -

    Hope this helps.



    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  3. Konstantinos Passadis 17,456 Reputation points MVP

    Hello @mohammed shankar !

    In that case you can integrate using the NPS Extension

    Use when: 

    You need to add multifactor authentication to applications like

    • a Virtual Private Network (VPN)
    • WiFi access
    • Remote Desktop Gateway (RDG)
    • Virtual Desktop Infrastructure (VDI)
    • Any others that depend on the RADIUS protocol to authenticate users into the service.


    Rather than relying on RADIUS and the Microsoft Entra multifactor authentication NPS extension to apply Microsoft Entra multifactor authentication to VPN workloads, we recommend that you upgrade your VPN’s to SAML and directly federate your VPN with Microsoft Entra ID. This gives your VPN the full breadth of Microsoft Entra ID Protection, including Conditional Access, multifactor authentication, device compliance, and Identity Protection.

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!


    0 comments No comments