Setting up a radius server for Azure AD joined devices and 802.1x | Nicola Suter (nicolonsky.ch)

Paid for -> https://www.securew2.com/blog/azure-ad-802-1x

https://katystech.blog/mem/intune-8021x-pkcs

User Auth Solution

https://katystech.blog/mem/intune-8021x-pkcs

NDES and SCEP setup for Intune- A Complete Guide! – EverythingAboutIntune

Device Auth Solution

1. Deploy Root CA via Intune
2. Deploy Device Cert
   1. SCEP Cert
   2. Subject name format = CN={{AAD_Device_ID}}
   3. SAN UPN = CN={{AAD_Device_ID}}
   4. Target Deployed CA cert
   5. Key Usage both boxes checked
   6. KSP set to TPM if possible otherwise software
   7. Extended Key Usage set to Client Auth
   8. SCEP URL set to Azure App Proxy URL
3. Deploy Wifi Profile set for Device Auth using the above Certificate
4. Create an Azure App Registration and give it
   1. Microsoft GraphDeviceManagementManagedDevices.Read.All
   2. Microsoft GraphDeviceManagementServiceConfig.Read.All
5. Have the script run somewhere on a schedule
   1. https://github.com/zm1868179/Azure-AADJ-Device-Cert-Map/blob/main/AADJDeviceMapping.ps1

Edit the Above Script and supply tenant ID, App Reg ID, App Secret, Edit the $orgUnit to reflect where you want these computer objects stored, edit the $certPath variable to be the CN name of your CA, edit the $Cert to also have the CN Name of your CA

This should create a dummy computer object and map the certificate to it that it will present to NPS and NPS will authorize it

Cloud Auth with Aruba ( needs app or provisioning via web ) -> Configuring Cloud Auth Server in a Wired Network (arubanetworks.com)

Cloud-Native, Modern Solution to 802.1x Network Access Control on Azure AD devices – Part One — Joe’s Tech Space (joestechspace.com)

Using Intune With Third-Party Certificate Authorties? : r/Intune (reddit.com)