I need to restrict users connecting to wifi. We are using RADIUS authentication with Azure Active Directory Domain Services LDAP, and the RADIUS server is hosted in an Azure VM and connected to the AADDS domain. Everything is working fine.

Praveen raj 0 Reputation points
2024-02-21T13:33:35.01+00:00

We are using RADIUS authentication. Users in the office will connect to the Meraki AP using their O365 username and password, because we have an LDAP connection with the Azure Active Directory Domain Services domain and the RADIUS server is joined to the same domain. The RADIUS server is running in an Azure VM. Users are able to connect to multiple devices using the same username and password, so we need to find a way to restrict this. Since it's Azure ADDS, we have limited options in user properties. Please help in this regard.

Windows for business | Windows Server | User experience | Other
Microsoft Security | Microsoft Entra | Other

1 answer

  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2024-02-22T08:47:54.07+00:00

    @Praveen raj Thank you for reaching out to us. As I understand, you want to restrict users connecting to wifi. You can consider this approach: if you are using RADIUS authentication with Azure AD Domain Services and Meraki AP, you can restrict access to the Meraki AP by configuring Network Policies on the RADIUS server.

    To restrict access, you can create a Network Policy that specifies the conditions under which a user is allowed to connect to the Meraki AP. For example, you can create a Network Policy that only allows users to connect to the Meraki AP if they are members of a specific group in Azure AD.

    To do this, you can create a Security Group in Microsoft Entra ID/Azure AD and add the users who are allowed to connect to the Meraki AP to this group. Then, you can configure the Network Policy on the RADIUS server to only allow users who are members of this group to connect to the Meraki AP.

    To configure the Network Policy, you can use the Network Policy Server (NPS) console on the RADIUS server. In the NPS console, you can create a new Network Policy and specify the conditions under which the policy should be applied.

    Once you have created the Network Policy, you can configure the Meraki AP to use the RADIUS server for authentication. You will need to specify the RADIUS server IP address, shared secret, and other settings on the Meraki AP.

    By configuring Network Policies on the RADIUS server, you can restrict access to the Meraki AP based on user attributes such as group membership. This can help improve security and prevent unauthorized access to the network.

    Let me know if you have any further questions; feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
