Intune: 802.1x Wi-Fi, NPS and user PKCS certificates

One of the things I dislike the most about Azure AD joined devices on our enterprise wireless (using NPS on Windows Server for authentication) is that having to put my credentials in whenever I connect is poor usability compared to, say, a traditional domain joined device which can authenticate by device, or user, seamlessly. While there isn’t really a way to replicate device based authentication with Azure AD joined devices (to cut a long story short – there is no computer object in AD for NPS to look for), you can configure things so that you can use a user certificate.

There’s a few pre-requisites for this:

  • Wireless network using WPA2-Enterprise (or any flavour that uses 802.1x)
  • Active Directory domain already set up
  • AD Certification Authority already set up (Enterprise CA)
  • User accounts synced to Azure AD
  • NPS installed and configured
  • Devices Azure AD joined and enrolled in Intune

As part of this process we will be configuring a certificate template, installing the Intune Certificate Connector for Intune onto a server of your choosing and creating some configuration profiles. Continue reading “Intune: 802.1x Wi-Fi, NPS and user PKCS certificates”