Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,526 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Hello @Irvanda,
Entra ID does not have a native RADIUS feature. Instead, it integrates with RADIUS through the Network Policy Server (NPS) extension. This extension allows Entra ID to provide multifactor authentication (MFA) for applications and network devices that rely on the RADIUS protocol.
The Network Policy Server (NPS) extension acts as an adapter between RADIUS-based applications (like VPNs, Wi-Fi controllers, etc.) and Entra ID, enabling MFA. The NPS server authenticates a user's credentials against Active Directory and then sends the MFA request to Azure.
Please find the flow below to understand how RADIUS is integrated with Microsoft Entra ID.
- Client Application (VPN client): Sends authentication requests to the RADIUS client.
- RADIUS Client: Converts requests from the client application and sends them to the RADIUS server with the NPS extension installed.
- RADIUS Server: Connects with Active Directory for primary authentication and passes the request to the NPS extension for secondary authentication.
- NPS Extension: Triggers a request to Entra ID for MFA and completes the authentication request by providing the RADIUS server with security tokens.
For more details on configuring NPS extension to require MFA for RADIUS client - Integrate your existing Network Policy Server (NPS) infrastructure with Microsoft Entra multifactor authentication