At the moment we run a Microsoft NPS server on-prem and have our SmartZone using that for RADIUS auth for users on our corporate laptops.
We're moving to Azure native joined devices (not hybrid), so the on-prem AD knows nothing about the machines. The users are synchronized though.
I know the current system won't work as in order to still use certificate based auth, the machine would need an object on prem.
So, suggestions on how we do this?
Ideally we want hands-off, where we give a device to a user and it transparently connects to the corporate Wi-Fi. Can we achieve this with the SmartZone, or is this where Cloudpath comes into play (keeping in mind we want this transparent to the user)?
- For smooth device onboarding using machine authentication, a RADIUS server and a CA are a must; this capability is not currently available in Azure (it supports SAML-based auth and LDAP).
1. Cloudpath can act as both a RADIUS server and a CA.
The main part is how the certificates will be distributed to the client devices, which depends on factors like:
- Whether you want to push them via AD policy (supported with Cloudpath).
- Whether you have an MDM, like Intune or JAMF, for device management (supported with Cloudpath).
2. If you have your own CA and want to use Cloudpath as a RADIUS server only, then certificate distribution will be based entirely on your AD policy and MDM.
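As an added example (not from this thread or from Cloudpath), a PowerShell readiness check to run on an Entra-joined Windows laptop before expecting it to join the Wi-Fi transparently: it verifies the join state, that an MDM-pushed machine certificate from the corporate CA is usable for EAP-TLS client auth, and that the Wi-Fi profile is present. The CA name pattern and profile name are placeholders.

```powershell
# Added example: EAP-TLS machine-auth readiness check for an Entra-joined device.
# Assumptions: -IssuerPattern matches your issuing CA's subject (placeholder),
# -ProfileName is the SSID profile the MDM pushed (placeholder).
param(
    [string]$IssuerPattern = 'Corp-Issuing-CA',   # placeholder: your CA's CN
    [string]$ProfileName   = 'CorpWiFi'           # placeholder: your Wi-Fi profile
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth EKU required for EAP-TLS

# 1. Join state: dsregcmd reports "AzureAdJoined : YES" on an Entra-joined device.
$dsreg     = dsregcmd /status
$aadJoined = [bool]($dsreg | Select-String -Pattern 'AzureAdJoined\s*:\s*YES' -Quiet)

# 2. Machine certificate: must be in the computer store (not the user store),
#    issued by our CA, carry Client Authentication EKU, have its private key,
#    and not be expired. A cert missing any of these will fail RADIUS auth.
$now = Get-Date
$machineCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Issuer -match $IssuerPattern -and
    $_.HasPrivateKey -and
    $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $clientAuthOid })
})

# 3. Wi-Fi profile: the MDM-delivered profile must exist on the device.
$profiles   = netsh wlan show profiles
$hasProfile = [bool]($profiles | Select-String -Pattern ([regex]::Escape($ProfileName)) -Quiet)

$first = $machineCerts | Select-Object -First 1
[pscustomobject]@{
    AzureAdJoined      = $aadJoined
    MachineCertPresent = ($machineCerts.Count -gt 0)
    MachineCertSubject = $first.Subject
    MachineCertExpires = $first.NotAfter
    WiFiProfilePresent = $hasProfile
    ReadyForMachineAuth = ($aadJoined -and $machineCerts.Count -gt 0 -and $hasProfile)
}
```

Run it elevated on a freshly enrolled device; any False field points at the stage (join, certificate enrollment, or profile delivery) that the RADIUS logs will otherwise only report as a generic EAP failure.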