Configure RADIUS Accounting on VPN System | Microsoft 365 Security Administration

Question

You need to collect accounting information from your VPN solution and decide to deploy and configure Microsoft Defender for Identity.

You use a Microsoft Routing and Remote Access Server as a VPN server.

You want Defender for Identity to integrate with your VPN solution by listening to RADIUS accounting events forwarded to the Defender for Identity sensors.

You install the Microsoft Defender for Identity Standalone sensor on your RRAS server.

Next, you open UDP port 1813 on your Defender for Identity standalone sensors to enable VPN integration.

What should you do next to configure RADIUS Accounting on the VPN system?

Answers


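A. Set the SSL Certificate Binding to use HTTP
B. Configure an Accounting provider
C. Configure an IPv6 static IP address
D. Allow custom IPsec policy for L2TP/IKEv2 connections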

Correct Answer: B

You must configure the Accounting provider and set it to RADIUS Accounting.

When RADIUS Accounting is enabled, the Defender for Identity sensor enables a pre-provisioned Windows firewall policy called Microsoft Defender for Identity Sensor to allow incoming RADIUS Accounting on UDP port 1813.

See exhibit:

1. Open the Routing and Remote Access console.
2. Right-click the server name and click Properties.
3. In the Security tab, under Accounting provider, select RADIUS Accounting and click Configure.

[Exhibit: the server's Properties dialog, Security tab, with Accounting provider set to RADIUS Accounting and the Configure button beside it. The same tab also shows the Authentication provider, the "Allow custom IPsec policy for L2TP/IKEv2 connection" checkbox with its Preshared Key field, and the SSL Certificate Binding section with the "Use HTTP" checkbox.]

Option A is incorrect.

Binding the SSL Certificate to use HTTP is not a prerequisite to integrate Defender for Identity with your VPN server in this scenario.

Option C is incorrect.

Configuring a static IPv6 address is not a prerequisite to integrate Defender for Identity with your VPN server.

Option D is incorrect.

This option is used to define a preshared key.

This is not a prerequisite to integrate Defender for Identity with your VPN server in this scenario.

To know more about integrating Defender for Identity with VPN, please refer to the link below:

To configure RADIUS accounting on the VPN system, you should select option B: Configure an Accounting provider.

Here is the detailed explanation:

RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting management for remote access users. RADIUS accounting records contain information about user activities, such as when a user logged in, how long the session lasted, and how much data was transferred during the session.

To integrate Defender for Identity with your VPN solution by listening to RADIUS accounting events, you need to configure your VPN server to forward RADIUS accounting messages to Defender for Identity sensors. This can be achieved by configuring an Accounting provider in your VPN system.

An Accounting provider is responsible for collecting and forwarding RADIUS accounting messages to a RADIUS accounting server or a third-party application, such as Defender for Identity. In this case, you will configure the Accounting provider to forward RADIUS accounting messages to the Defender for Identity standalone sensors that you installed on your RRAS server.

To configure an Accounting provider on the RRAS server, you need to follow these steps:

  1. Open the Routing and Remote Access console on the RRAS server.

  2. Right-click on the server name and select Properties.

  3. Click on the Security tab.

  4. Click on the Authentication Methods button.

  5. Select the RADIUS Accounting option.

  6. Click on the Configure Accounting button.

  7. In the Accounting provider drop-down list, select New.

  8. In the New Accounting Provider dialog box, enter a name for the provider (e.g., Defender for Identity).

  9. In the Accounting Server section, enter the IP address and port number of the Defender for Identity sensor.

  10. Select the UDP protocol.

  11. Click OK to save the provider.

After configuring the Accounting provider, your VPN system will start forwarding RADIUS accounting messages to Defender for Identity sensors. To ensure that the messages are received correctly, you also need to open UDP port 1813 on the Defender for Identity standalone sensors.

Option A (Set the SSL Certificate Binding to use HTTP) is not related to RADIUS accounting or to Defender for Identity integration with a VPN solution.

Option C (Configure an IPv6 static IP address) is not required for RADIUS accounting or for Defender for Identity integration with a VPN solution.

Option D (Allow custom IPsec policy for L2TP/IKEv2 connections) is not related to RADIUS accounting but is a valid configuration step for L2TP/IPsec or IKEv2 VPN connections.