Organizations are making the much needed transition to cloud-based network solutions. To ease the transition, Microsoft created Azure Active Directory to aid clients moving their directories from the on-premise Active Directory (AD) to the cloud.
However, Azure is limited compared to AD when it comes to support for WPA2-Enterprise Wi-Fi. AD is an on-premise solution, and Microsoft doesn’t offer cloud PKI or Certificate Authority (CA) services.
So if you want to migrate to the cloud, you might get stuck and have to keep the expensive AD-domain hardware. In this article we’re going to look at some solutions that can help bring your network to the cloud.
Why Can’t I Just Use Azure AD?
AD emerged in late 1999 when the working world was already 90% Microsoft Windows. While directory services weren’t a new idea, Microsoft’s ability to deliver it easily was game changing.
IT administrators were able to deploy Windows devices to all their employees while still maintaining all the control they needed. IT continued to use AD almost exclusively. This created an environment in which there was more pressure on only choosing systems and applications that could be controlled by AD. This monopoly on networks meant that Microsoft had little incentive to support third-party solutions nor help organizations move to the cloud.
Microsoft eventually offered Azure AD, which, on paper, as the cloud version of AD, but that’s not necessarily the case. Implementing Azure AD had led to some issues for Windows admins, particularly around network authentication.
A common problem Windows admins face is the fact that Azure AD doesn’t natively support LDAP, unless you sync it up with on-prem AD. Instead of a seamless migration to the cloud, admins will have to create new accounts for all their users, plus create and enforce their access levels. This is a major headache for network admins and can be annoying for end users to need multiple logins.
The Problem With Azure, Active Directory and Network Security
Authenticating network users with credentials has been the standard for some time, but as cyber criminals continue to advance, the flaws of passwords are becoming too big to ignore.
Passwords can be shared, forgotten, and stolen, making them a weak form of security especially considering a successful cyber attack can bankrupt your business. Many Azure and AD networks authenticate users with PEAP-MSCHAPv2, which unfortunately contains a major vulnerability in it’s encryption.
Digital certificates provide a better security standard because they themselves are encrypted entities that can be individually issued to every verified user, serving as an identifier instead of asking the user to create a password.
The best certificate-based authentication protocol is EAP-TLS, which is undoubtedly the most secure. With EAP-TLS, both the client and server are equipped with certificates and can verify each other with said certificates. Authenticating users based on certificates eliminates over-the-air credential theft and ensures that only verified users will be granted network access. It’s also easy to map user attributes to certificates based on the user’s standing in the organization.
Using Digital Certificates With Azure
Many admins have turned away from using certificates because they seemed too difficult to program and issue to every device. This is only the case if you manually configure devices for certificates.
The best way for Azure customers to deploy certificates is with onboarding software for BYODs and Gateway APIs, such as SCEP, for managed devices. SecureW2 offers an easy to use PKI that easily integrates with Azure as an IDP.
With SecureW2’s Managed PKI Services, you’ll have no infrastructure costs because it’s all on the cloud, can be set up in a few hours, and costs a fraction of the price of on-prem PKIs. Our #1 rated JoinNow onboarding software requires no technical expertise and can be completed easily by end users, further reducing IT overhead and costs.
Migrating Active Directory (AD) to the Cloud
AD has cornered the market in online directories, but with the adoption of cloud-base solutions AD’s on-prem infrastructure has become a hindrance for many organizations trying to migrate to the cloud. Luckily, if you use Microsoft Azure as your SAML provider, you can easily set up a WPA2-Enterprise network equipped with Cloud RADIUS using SecureW2.
Cloud RADIUS is the only RADIUS Server that comes with an industry-exclusive Dynamic Policy Engine that integrates natively with Azure and Intune, and empowers organizations with certificate-based authentication for ultra secure Wi-Fi and VPN authentication.
With our Dynamic Policy Engine, everytime a user is authenticated for network access, admins can enforce network policies in real time. Cloud RADIUS automatically checks user status, what groups they’re in, if they’ve changed departments, and ties them to custom network policies created by administrators in our easy to use management system. All the benefits of historic LDAP authentication, with none of the risks associated with credential-based authentication.
With SecureW2 you can have your secure network set up in a matter of hours and have a support team ready to assist you with any of your questions. Check out our pricing page to see if our solutions can help secure your network.