I would like to configure a Server 2016 NPS deployment to serve RADIUS for WiFi authentication in several offices. The NPS would be hosted in AWS, as such the only practical way for multiple offices to access it would just be over the public internet. Can NPS be configured such that this is safe to do? i.e. only allow PEAP rather than PAP, MSCHAP, etc.?
Thanks