Meraki

Teddy_fr

Hi all,

I successfully configured the Meraki VPN (on MERAKI MX100) with a shared security key and email/password for each user and native Windows client. But would it be possible to increase security using a USB authentication key or Microsoft Authenticator on a smartphone?

Mloraditch

Not with just the native authentication. You need to either use radius or more ideally get licensed for Secure Client (AnyConnect) that will have a better end user experience

One example For Microsoft Authenticator with Radius:
https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client...
https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

PhilipDAth

To add to @Mloraditch answer, I haven't done an AnyConnect+RADIUS deployment for 2 years now. Everyone wants SAML, because that allows you to natively authenticate against Entra ID.

And if you are using Entra ID, you can use a FIDO2 key, such as a YubiKey, or Microsoft Authenticator.

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client...

Brash

The native Windows client is pretty limited in its support for additional security features.

As said above, if you use Microsoft Entra, you can enable MFA via the MFA extension and conditional access.

Teddy_fr

Ok, thank you for all 🙂

Meraki

Community

VPN Clients and secure key usb

VPN Clients and secure key usb