Secure cloud wifi for Entra/Intune devices with Mist
It’s been an incredibly long time coming but at last I have a working proof of concept for an end-to-end entirely cloud-based enterprise wireless network.
Modern security and wifi standards say we have to move to certificates but that’s a tall order for many, particularly if we need to replicate the user-level identification of a humble password.
Updating the old ghost computer account sync script to get NPS working with Azure AD / Entra-joined devices again, but it’s a last gasp.
Microsoft’s Network Policy Server (NPS) has been running network authentication in the enterprise for decades but is now out of the loop when it comes to a modern cloud-first infrastructure. Using an inventive approach, I show that it is possible to overcome its recalcitrance and get it authenticating Azure AD-joined (AADJ) as well as on-prem AD clients. This is the long-form writeup of the project I presented at Microsoft’s Australia-wide Surface Gold & Lighthouse Virtual Event in May 2022....