You need to be very careful running a RADIUS server in Azure if you're using RADIUS/UDP. Azure has a network security feature on by default that drops fragmented UDP packets that arrive out of order. This negatively impacts RADIUS/UDP traffic. To give you an example, at least 20% of EAP-TLS auth attempts were failing for us in the cert auth phase due to this issue. Azure support can turn on the 'enable-udp-fragment-reordering' feature by request after providing packet captures and use case info etc. They will also only turn it on in a brand new subscription that's dedicated to running VMs that require this feature. After we did this, our auth success rate increased to 100%. Another thing to be wary of is setting 'tls_max_version' to 1.3. Windows 11 supports TLS 1.3 by default for EAP-TLS etc but does not yet support session resumption when using this protocol (see https://learn.microsoft.com/en-us/windows-server/networking/technologies/ext...). It's worth dropping the Max version to 1.2.