Closed peter-dolkens closed 1 week ago
@peter-dolkens yes, that's an important limitation. Please refer to the upstream project for details.
The suggested approach is to use Conditional Access Policies. See https://github.com/jimdigriz/freeradius-oauth2-perl/issues/12
This project only packages the upstream to be used in an Azure Container Instance or similar environments.
The alternatives are the 'official' Azure VPN with Azure VPN Gateway but with no outgoing access to the Internet. Outgoing internet access would require using Azure Virtual WAN P2S with Secure Hub Firewall, which is ~1000$/month, at least in Azure-based networking.
In the end it is a matter of risk assessment as part of the Enterprise/Company networking security :)
More an FYI than anything else, as I realize this complicates things considerably.
Azure has started enforcing MFA for certain types of accounts.