Skip to content

Configuring Wi-Fi Profile with EAP-TLS in Intune

To configure a Wi-Fi profile with EAP-TLS certificate authentication in Intune, follow these steps:

Prerequisites

Ensure you have the following:

  • A working Intune compatible PKI/certificate infrastructure for your organization. We recommend EasyScep for a plug-n-play SaaS solution.
  • A Root CA certificate deployed to devices.
  • Client certificates issued to devices.
  • Access to the Microsoft Intune administration portal.

If you have already deployed the required certificates then you can skip step 1 and step 2.

Step 1: Deploy the Root CA Certificate

  1. Go to Microsoft Intune administration portal.
  2. Navigate to Devices > Configuration profiles and click on Create profile.
  3. Select Windows 10 and later as the platform.
  4. Choose Templates and select Trusted certificate.
  5. Click Create.
  6. Name the profile and upload the Root CA certificate.
  7. Assign the profile to the required groups.
  8. Click Create to save the profile.

Step 2: Issue Client Certificates

  1. In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles.
  2. Click on Create profile.
  3. Select Windows 10 and later as the platform.
  4. Choose Templates and select SCEP Certificate.
  5. Click Create.
  6. Name the profile and configure the following settings:
Setting Value
Certificate type Device
Subject name format CN={{DeviceName}}
Certificate validity period 1 year
Key storage provider (KSP) Software KSP
Key usage Digital Signature
Key size (bits) 2048
Hash algorithm SHA-2
Root Certificate Select the previously deployed Root CA certificate
Extended key usage Client Authentication (1.3.6.1.5.5.7.3.2)
SCEP Server URLs Enter the SCEP server URL from your certificate authority
  1. Assign the profile to the required groups.
  2. Click Create to save the profile.

Step 3: Configure the Wi-Fi Profile

  1. In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles.
  2. Click on Create profile.
  3. Select Windows 10 and later as the platform.
  4. Choose Templates and select Wi-Fi.
  5. Click Create.
  6. Name the profile and configure the following settings:
Setting Value
SSID Enter the SSID of the Wi-Fi network
Security type WPA2-Enterprise
EAP type EAP-TLS
Authentication method Certificate
Root Certificate Select the previously deployed Root CA certificate
Client Authentication Select the previously deployed SCEP certificate profile
  1. Assign the profile to the required groups.
  2. Click Create to save the profile.

Step 4: Validate the Configuration

  1. Ensure the devices are synced with Intune.
  2. Verify that the Wi-Fi profile is applied and the device can connect to the Wi-Fi network using EAP-TLS authentication.

By following these steps, you can successfully configure a Wi-Fi profile with EAP-TLS certificate authentication in Intune.