What our customers say
Why is Wi-Fi authentication important?
- Security: Prevents unauthorised access to your network, reducing the risk of data breaches, malware infections, and other security threats.
- Access control: Allows you to control who can access your network and what resources they can access.
- Accountability: Enables you to track network usage and identify potential security issues.
Common Wi-Fi authentication methods
- Pre-Shared Key (PSK): The most common method, where all users share the same password to access the network. While easy to set up, it's less secure as the password can be easily shared. (e.g., WPA2-Personal)
- Extensible Authentication Protocol (EAP): A more secure method that uses individual credentials for each user, often in conjunction with a RADIUS server. (e.g., WPA2-Enterprise)
What is RADIUS?
RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralised authentication, authorisation, and accounting (AAA) for network access. It acts as a middleman between the device trying to connect and the system that verifies the credentials.
We often recommend to our clients authenticating Wi-Fi access through Microsoft Entra ID and employee individual Microsoft 365 accounts.
Benefits of integrating Wi-Fi authentication with Microsoft 365
- Centralised identity management: Manage Wi-Fi access and Microsoft 365 access from a single platform (Microsoft Entra ID).
- Enhanced security: Enforce strong authentication policies, including MFA and Conditional Access, for Wi-Fi access.
- Simplified user experience: Users can use their Microsoft 365 credentials to access the Wi-Fi network. No need for separate or shared logins.
- Improved compliance: Meet regulatory requirements by actively logging and monitoring network access.
By linking your Wi-Fi authentication to Microsoft 365, you can create a more secure, efficient, and user-friendly wireless network environment.
Staff and guest networks with VLANs
To enhance security and network management, it is common to segment wireless networks using Virtual LANs (VLANs). Here's how VLANs can be used for staff and guest networks:
Staff network:
- Authenticated using WPA2-Enterprise with RADIUS, often integrated with Microsoft Entra ID for credential verification.
- Assigned to a specific VLAN (e.g., VLAN 10) that provides access to internal network resources, such as file servers, printers, and applications.
- Policies can be applied to the staff VLAN to enforce specific security settings and access controls.
Guest network:
- Authenticated using a less restrictive method, such as a captive portal or Pre-Shared Key (PSK).
- Isolated on a separate VLAN (e.g., VLAN 20) that has limited or no access to internal network resources. Guest access typically only includes Internet access.
- Policies are applied to the guest VLAN to restrict bandwidth, limit access to potentially harmful websites, and ensure compliance with legal requirements.
Both networks can work simultaneously allowing for different access depending on the user.
By Implementing Wi-Fi authentication and linking this to Microsoft 365, as well as setting VLANs for network segmentation, you can create a more secure, efficient, and user-friendly wireless network environment.
Contact us to schedule a consultation and explore our tailored solutions. Our experts will work closely with you to design an authentication procedure that works for your business.