For network access and policy management capabilities, Microsoft’s RADIUS server and proxy tool is the Network Policy Server (NPS). NPS offers authentication, authorization, and accounting (AAA), enables the use of heterogeneous network equipment and ensures the health of network devices.
The RADIUS protocol provides the configuration and management of authentication for network clients central to NPS functionality. Current editions of NPS are installable via the Network Policy and Access Services (NPAS) feature in Windows Server 2016 and Server 2019.
What Is the Purpose of NPS?
Network Policy Server is the solution for Windows network administrators using RADIUS capabilities. Not only does NPS offer configurable policies for network access, but it also ensures non-Microsoft devices can connect once authenticated.
By placing users and client devices in groups or automating classification, administrators can control the types of clients and permissions available to network users. This control allows for continued management of access policies and also enables event logging for accounting purposes. NPS also scans requests to ensure client health and maintain network integrity.
The 3 Roles of NPS
NPS performs AAA for wireless, switch, remote access dial-up, and VPN connections as a RADIUS server. Administrators configure network access servers — e.g., WAP and VPN servers — as RADIUS clients, and log event data on the local hard disk or a SQL Server database.
NPS can configure access policies and manage which RADIUS server a connection request delivers as a RADIUS proxy. This includes the ability to forward accounting data for replicating logs on multiple remote RADIUS servers for load balancing.
As remote work and BYOD policies present various devices to networks, administrators need to know which endpoints are trustworthy. The NPS can act as a health validator for client devices through indicators like patched software, firewalls, and malware definitions.