https://community.ruckuswireless.com/t5/Wireless-Questions-and-Best/Replacing-on-prem-radius-for-Azure-native-joined-devices/m-p/69559#M2277 <P>Hi <a href="https://community.ruckuswireless.com/t5/user/viewprofilepage/user-id/18551">@CBDamiani</a>,<BR /><BR />- For Smooth device on-boarding using machine authentication, a <STRONG>radius server</STRONG> and <STRONG>CA</STRONG> is must, capability is not currently available in Azure <STRONG>(</STRONG> It supports <STRONG>SAML </STRONG>based auth and <STRONG>LDAP)</STRONG>.<BR /><BR />1:- <STRONG>Cloudapath</STRONG> can act as <STRONG>radius server</STRONG> and <STRONG>CA</STRONG> both.<BR /><BR />The main part is how the certificates will be distributed to the client devices, depends on factors like.<BR /><BR />- If you want to push via AD policy.(<STRONG>supported with Cloudpath</STRONG>)<BR />- If you have any MDM, like <STRONG>Intune</STRONG>, <STRONG>JAMF</STRONG> for device management. (<STRONG>supported with Cloudpath</STRONG>)<BR /><BR />2: If you have your own <STRONG>CA</STRONG>, and want to use Cloudpath as a <STRONG>radius server </STRONG>only, then certificate distribution will be totally based on your <STRONG>AD policy</STRONG> and <STRONG>MDM</STRONG>.<BR /><BR /></P> Tue, 10 Oct 2023 19:18:19 GMT vijaykuniyal 2023-10-10T19:18:19Z https://community.ruckuswireless.com/t5/Wireless-Questions-and-Best/Replacing-on-prem-radius-for-Azure-native-joined-devices/m-p/62828#M2266 <P>At the moment we run a Microsoft NPS server on prem and have our SmartZone using that for radius auth for users on our corporate laptops.</P><P>We're moving to Azure native joined devices (not hybrid) so the on-prem AD knows nothing about the machines. The users are syncronized though.</P><P>I know the current system won't work as in order to still use certificate based auth, the machine would need an object on prem.</P><P>So, suggestions on how we do this?</P><P>Ideally we want hands off where we give a device to a user and it's going to transparently connect to the corporate wifi. Can we achieve this with the SmartZone or is this where Cloudpath comes into play (keeping in mind we want this transparent to the user).</P><P>Thanks</P> Thu, 13 Jul 2023 08:57:32 GMT https://community.ruckuswireless.com/t5/Wireless-Questions-and-Best/Replacing-on-prem-radius-for-Azure-native-joined-devices/m-p/62828#M2266 damien_calvert_ 2023-07-13T08:57:32Z https://community.ruckuswireless.com/t5/Wireless-Questions-and-Best/Replacing-on-prem-radius-for-Azure-native-joined-devices/m-p/69559#M2277 <P>Hi <a href="https://community.ruckuswireless.com/t5/user/viewprofilepage/user-id/18551">@CBDamiani</a>,<BR /><BR />- For Smooth device on-boarding using machine authentication, a <STRONG>radius server</STRONG> and <STRONG>CA</STRONG> is must, capability is not currently available in Azure <STRONG>(</STRONG> It supports <STRONG>SAML </STRONG>based auth and <STRONG>LDAP)</STRONG>.<BR /><BR />1:- <STRONG>Cloudapath</STRONG> can act as <STRONG>radius server</STRONG> and <STRONG>CA</STRONG> both.<BR /><BR />The main part is how the certificates will be distributed to the client devices, depends on factors like.<BR /><BR />- If you want to push via AD policy.(<STRONG>supported with Cloudpath</STRONG>)<BR />- If you have any MDM, like <STRONG>Intune</STRONG>, <STRONG>JAMF</STRONG> for device management. (<STRONG>supported with Cloudpath</STRONG>)<BR /><BR />2: If you have your own <STRONG>CA</STRONG>, and want to use Cloudpath as a <STRONG>radius server </STRONG>only, then certificate distribution will be totally based on your <STRONG>AD policy</STRONG> and <STRONG>MDM</STRONG>.<BR /><BR /></P> Tue, 10 Oct 2023 19:18:19 GMT https://community.ruckuswireless.com/t5/Wireless-Questions-and-Best/Replacing-on-prem-radius-for-Azure-native-joined-devices/m-p/69559#M2277 vijaykuniyal 2023-10-10T19:18:19Z