Changelog: Release History
There are two parts to the deployment that are packaged together but are maintained and tracked separately.
| A list of known issues are described on our roadmap. |
- Managed Application
-
The code that handles the deployment and the resources that are used (such as firewalling), provides the API and the web base user interface.
- Virtual Machine (also referred to as the ‘service’)
-
The code used to run the virtual machines providing the RADIUS/RadSec service.
To determine the version of each that you are using, go to the managed application page and navigate the menu on the right and listed at the bottom, under the ‘Outputs’ section, you will find the values for ‘versionManagedApplication’ and ‘versionVirtualMachine’. Use the first two numerical parts of those values to search for your version below.
| Though these values resemble the ‘YYYYMMDD’ format, they are not meaningful as a date and used only as an incrementor. |
Managed Application
Upcoming Release
20260000-20260000
Features
-
General Availability (GA) release including tier support
-
You now will be billed.
-
-
New user interface replacing the now deprecated Azure Custom Resource Providers
-
Microsoft Entra ID (including MFA) integration and Microsoft GraphAPI access provisioned during deployment
-
RADNAC now requires an Application registration used for ddeployment that includes permissions to create applications and assign necessary permissions to operate
-
-
Improve load times of realm and device listings that use the same TLS configuration
-
Support for read-only, as well as read-write, access to RADNAC’s API by using RBAC role assigments to the managed application resource
-
Added support from the Marketplace web portal UI installer the option to control disk type and size used (support for ‘Standard HDD’ has been removed).
Fixes
-
Install: improve reliability by reducing race of RBAC roles taking effect for the User Assigned Managed Identity
iddeploymentused during the deployment -
Compliance: rename more resources to match recommendations
-
Compliance (TrackingID#2506010040000591 over two years!): remove use of Azure Storage Shared Key access and move to Managed Identity access
-
Users: do not allow IANA special use domains which would lead to an invalid configuration that could not be loaded
-
Workaround: delete or rename user entity
-
-
Cost: disabled ‘Zone redundancy’ for the Azure Function as there are cost implications as as the function will no longer scale to zero
-
Fix issues that improve startup reliability whilst waiting for RBAC changes to propagate
Virtual Machine
20260000-20260003
Features
-
Authorization: use
refreshTokensValidFromDateTimeandsignInSessionsValidFromDateTimefor credential caching-
lastPasswordChangeDateTimewas always considered
-
-
Update of FreeRADIUS from 3.2.8 to 3.2.10
-
Fixed authorization policies when using EAP-(T)TLS resumption
-
By design, any configured MFA policy is skipped for TLS resumed sessions to avoid MFA fatigue
-
Fixes
-
Authorization: fix that
lastPasswordChangeDateTime,refreshTokensValidFromDateTime, andsignInSessionsValidFromDateTimecan all be unset -
Devices: improve multi-transport such as running both UDP and RadSec
-
Devices: improve CIDR support, in particularly for
0.0.0.0/0and::/0 -
Fix issues that improve deployment reliability whilst waiting for RBAC changes to propagate