This might be more of a feature request. Microsoft has a huge initiative to move their own internal AD to Azure AD, and we are moving clients to Azure AD as well (our organization included). We have also enabled MFA (multi-factor) authentication for clients too, for added security.
It would be nice if Meraki would support Azure AD for authentication or a simple combination of a way to use a RADIUS/Azure AD (with MFA support).
We've looked at some 3rd-party RADIUS providers that have support for Azure AD, but the MFA/2FA seems to be an issue.
Ideally we'd like to use 802.1X for both enterprise WiFi access and switch port access for Windows 10 devices connected directly to the switch.
Thanks for any feedback, comments, real-world experience, thoughts. Thanks!
Using 2FA for 802.1X would be really painful.
Take WiFi for example; if you are not using fast roaming or 802.11r you could potentially be asked for 2FA authentication every time you roam between access points. On the wired side you could be asked to 2FA every time your machine rebooted.
If you really want that I think you might be better off using certificate-based authentication with 802.1X and rolling out a PKI solution.
I agree that if it prompted over and over it wouldn't be useful, but when we use MFA/2FA with other applications like Outlook, Skype for Business, or other website resources, they don't re-prompt for MFA until a policy timeout period (30 days, etc.). To me it seems the world is heading in this direction, so why not wireless authentication (or at least for a period of policy timeout)?
Microsoft's RADIUS Network Policy Server supports RADIUS with MFA:
VPN integration with Azure MFA using NPS extension | Microsoft Docs