25,160 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 80%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEF%3C/text%3E%3C/svg%3E)
for me, I found a work around by input a Regedit key in the Azure NPS vm server. Hope can help anybody in this world.
EnableNTLMv2 Compatibility = 1
Azure AADDS and Azure RADIUS migration
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 84%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEL%3C/text%3E%3C/svg%3E)
Eduardo ll Juntilla Garganera
1
Reputation point
Hi, Currently, we have an on-premises Radius, DHCP, Active Directory server, and a Cisco Wireless Lan controller with an SSID for an enterprise connection pointing to an on-premises radius for authentication. Now that we are planning to migrate to the cloud, we created an AADDS and an Azure radius, and we tried to ping from our on-premises to the new radius to see if there was a connection; we were glad we could ping the new Azure radius we also joined this server to our domain using our new AD, and we also added a tunnel to make it possible, on Cisco WLC we created a separate SSID pointing to the new Azure Radius, but when we tried to connect to that SSID, we were unable to authenticate. By the way, were still using the on-prem DHCP server and having a DNS server pointing to old AD cause our DNS server was there. Do you have any idea whats our mistake was?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other
2,599 questions
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator2021-10-25T13:03:21.903+00:00 @Eduardo ll Juntilla Garganera
In this case i assume you have created a Azure AD domain Services instance . Also You have created windows server with NPS role to act as a RADIUS server in azure . Pinging will work but I do not think authentication will work because Azure AD DS does not support registering the NPS server hence this may not work . At this point this is a requested feature but this is on hold internally and we do not have any update for now. However you can directly setup authentication with Azure AD using your on-pre RADIUS server by installing Azure MFA NPS extension. Please check https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension. This should help . Should you have any further queries , please let us know and we will be happy to help .
----------------------------------------------------------------------------------------------------------------------------------------------------------
- Please don't forget to click on
or upvote 
button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how - Want a reminder to come back and check responses? Here is how to subscribe to a notification
- If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
- Please don't forget to click on