{"id":6847,"date":"2023-04-12T05:30:13","date_gmt":"2023-04-12T05:30:13","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=6847"},"modified":"2024-01-25T03:32:40","modified_gmt":"2024-01-25T03:32:40","slug":"wireless-ssid-certificate-based-auth-azure-ad","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/wireless-ssid-certificate-based-auth-azure-ad","title":{"rendered":"Wireless SSID Certificate Based Auth ( Azure AD )"},"content":{"rendered":"\n

Setting up a radius server for Azure AD joined devices and 802.1x | Nicola Suter (nicolonsky.ch)<\/a><\/p>\n\n\n\n

Paid for -> https:\/\/www.securew2.com\/blog\/azure-ad-802-1x<\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n

https:\/\/katystech.blog\/mem\/intune-8021x-pkcs<\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n

User Auth Solution<\/strong><\/p>\n\n\n\n

https:\/\/katystech.blog\/mem\/intune-8021x-pkcs<\/a><\/p>\n\n\n\n

NDES and SCEP setup for Intune- A Complete Guide! \u2013 EverythingAboutIntune<\/a><\/p>\n\n\n\n

Device Auth Solution<\/strong><\/p>\n\n\n\n

    \n
  1. Deploy Root CA via Intune<\/li>\n\n\n\n
  2. Deploy Device Cert\n
      \n
    1. SCEP Cert<\/li>\n\n\n\n
    2. Subject name format = CN={{AAD_Device_ID}}<\/li>\n\n\n\n
    3. SAN UPN = CN={{AAD_Device_ID}}<\/li>\n\n\n\n
    4. Target Deployed CA cert<\/li>\n\n\n\n
    5. Key Usage both boxes checked<\/li>\n\n\n\n
    6. KSP set to TPM if possible otherwise software<\/li>\n\n\n\n
    7. Extended Key Usage set to Client Auth<\/li>\n\n\n\n
    8. SCEP URL set to Azure App Proxy URL<\/li>\n<\/ol>\n<\/li>\n\n\n\n
    9. Deploy Wifi Profile set for Device Auth using the above Certificate<\/li>\n\n\n\n
    10. Create an Azure App Registration and give it\n
        \n
      1. Microsoft GraphDeviceManagementManagedDevices.Read.All<\/li>\n\n\n\n
      2. Microsoft GraphDeviceManagementServiceConfig.Read.All<\/li>\n<\/ol>\n<\/li>\n\n\n\n
      3. Have the script run somewhere on a schedule\n
          \n
        1. https:\/\/github.com\/zm1868179\/Azure-AADJ-Device-Cert-Map\/blob\/main\/AADJDeviceMapping.ps1<\/a><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n
          \n
          Not able to use computer certificate to authenticate to Wifi before Windows login<\/a>
          by           u\/G_Man007<\/a> in Intune<\/a> <\/blockquote>