Configuring Wi-Fi Profile with EAP-TLS in Intune
To configure a Wi-Fi profile with EAP-TLS certificate authentication in Intune, follow these steps:
Prerequisites
Ensure you have the following:
- A working Intune-compatible PKI/certificate infrastructure for your organization. We recommend EasyScep for a plug-and-play SaaS solution.
- A Root CA certificate deployed to devices.
- Client certificates issued to devices.
- Access to the Microsoft Intune administration portal.
If you have already deployed the required certificates, you can skip Step 1 and Step 2.
Step 1: Deploy the Root CA Certificate
- Go to the Microsoft Intune administration portal.
- Navigate to Devices > Configuration profiles and click on Create profile.
- Select Windows 10 and later as the platform.
- Choose Templates and select Trusted certificate.
- Click Create.
- Name the profile and upload the Root CA certificate.
- Assign the profile to the required groups.
- Click Create to save the profile.
Step 2: Issue Client Certificates
- In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles.
- Click on Create profile.
- Select Windows 10 and later as the platform.
- Choose Templates and select SCEP Certificate.
- Click Create.
- Name the profile and configure the following settings:
Setting | Value |
---|---|
Certificate type | Device |
Subject name format | CN={{DeviceName}} |
Certificate validity period | 1 year |
Key storage provider (KSP) | Software KSP |
Key usage | Digital Signature |
Key size (bits) | 2048 |
Hash algorithm | SHA-256 |
Root Certificate | Select the previously deployed Root CA certificate |
Extended key usage | Client Authentication (1.3.6.1.5.5.7.3.2) |
SCEP Server URLs | Enter the SCEP server URL from your certificate authority |
- Assign the profile to the required groups.
- Click Create to save the profile.
Step 3: Configure the Wi-Fi Profile
- In the Microsoft Endpoint Manager admin center, go to Devices > Configuration profiles.
- Click on Create profile.
- Select Windows 10 and later as the platform.
- Choose Templates and select Wi-Fi.
- Click Create.
- Name the profile and configure the following settings:
Setting | Value |
---|---|
SSID | Enter the SSID of the Wi-Fi network |
Security type | WPA2-Enterprise |
EAP type | EAP-TLS |
Authentication method | Certificate |
Root Certificate | Select the previously deployed Root CA certificate |
Client Authentication | Select the previously deployed SCEP certificate profile |
- Assign the profile to the required groups.
- Click Create to save the profile.
Step 4: Validate the Configuration
- Ensure the devices are synced with Intune.
- Verify that the Wi-Fi profile is applied and the device can connect to the Wi-Fi network using EAP-TLS authentication.
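One way to run the Step 4 check on a device itself, as an added example that is not part of the original guide: the script confirms the root CA from Step 1, the device certificate from Step 2 (private key, validity, Client Authentication EKU, chain to the root) and the Wi-Fi profile from Step 3. The `$RootThumbprint` and `$Ssid` parameters are placeholders, and the script assumes the profile name listed by `netsh` contains the SSID.

```powershell
# Added example, not part of the original guide. Run elevated on an enrolled device.
# Both parameter defaults are placeholders: supply your own root CA thumbprint and SSID.
param(
    [string]$RootThumbprint = '<ROOT-CA-THUMBPRINT>',
    [string]$Ssid           = '<YOUR-SSID>'
)
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU set in Step 2
$now = Get-Date

# Step 1 result: the root CA must be in the machine's Trusted Root store.
$rootPresent = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $RootThumbprint })

# Step 2 result: device certificates with a private key, currently valid,
# and carrying the Client Authentication EKU.
$clientCerts = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
}

$report = foreach ($cert in $clientCerts) {
    # Build the chain locally; revocation is skipped so the check works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    [pscustomobject]@{
        Subject        = $cert.Subject
        Expires        = $cert.NotAfter
        ChainsToRootCA = $chainOk -and ($top.Thumbprint -eq $RootThumbprint)
        KeySizeBits    = if ($rsa) { $rsa.KeySize } else { $null }
        SignatureAlg   = $cert.SignatureAlgorithm.FriendlyName
    }
}

# Step 3 result: the Wi-Fi profile should be listed for the wireless adapter.
# Assumes the profile name shown by netsh contains the SSID.
$wifiPresent = [bool](netsh wlan show profiles | Select-String -SimpleMatch $Ssid)

"Root CA in Trusted Root store : $rootPresent"
"Wi-Fi profile for '$Ssid'     : $wifiPresent"
if ($report) { $report | Format-List } else {
    Write-Warning 'No valid device certificate with the Client Authentication EKU found.'
}
```

A healthy device shows both flags as True and at least one certificate with ChainsToRootCA set to True and a KeySizeBits value matching the Step 2 setting.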
By following these steps, you can successfully configure a Wi-Fi profile with EAP-TLS certificate authentication in Intune.