Wifi Profile Authentication Mode - GPO vs Intune

Sebastian Cerazy 306 Reputation points
2020-10-04T08:08:32.033+00:00

That is not to discuss what option is better/more secure etc

Using GPO I do set Authentication Mode to: Computer

https://dailysysadmin.com/KB/Article/714/create-a-group-policy-to-deploy-a-company-wireless-access-point/
http://www.hospitableit.com/howto/wireless-802-1x-for-machine-auth-only-using-nps/

So only machine certificate is needed to access WiFi

With Intune WiFi Policy

https://learn.microsoft.com/en-us/mem/intune/configuration/wi-fi-settings-windows

I cannot replicate the same behaviour.

I am using this "workaround" - https://social.technet.microsoft.com/Forums/lync/en-US/7c6dcb5c-7e24-4a10-89d0-3f8fcec55877/ndes-scep-certificate-to-connect-to-enterprise-wifi-nps-radius?forum=microsoftintuneprod

At the login screen (before user logon) the machine connects to WiFi (using the machine certificate).
The very moment a user logs in, the connection is dropped (if the user has no certificate, i.e. a local-only user).
If the user has a certificate issued (again by the NDES Connector), then the connection swaps to the user certificate and all is fine.

Is there a way to make the Intune WiFi Policy Computer only? So a local user can also connect (an issue kind of like this: https://social.msdn.microsoft.com/Forums/en-US/06b38091-644b-4405-ad70-fbe789e3ea04/issues-with-nps-computer-certificate-and-local-admin-account?forum=winserverNAP )

Seb


Accepted answer
  1. Sebastian Cerazy 306 Reputation points
    2020-10-06T09:21:28.637+00:00

    Tested the above and indeed, if I import the GPO-created WiFi profile and apply it to Intune-only machines (that do have an NDES Connector issued certificate from my internal CA), I can have MACHINE ONLY authentication for WiFi connectivity.

    So a local user (no certificate issued) stays connected to WiFi.

    No idea why Intune's own WiFi profile does not have this option available!

    Seb


2 additional answers

  1. AndyLiu-MSFT 586 Reputation points
    2020-10-05T02:36:56.947+00:00

    @Sebastian Cerazy

    To my knowledge, Intune Wi-Fi profiles do support PEAP authentication, and can be configured for certificate authentication with SCEP and PKCS.

    For a SCEP profile, you can configure the device certificate type, which allows you to deploy the computer certificate on the client device. Please click the following link for more info about the SCEP device certificate type.

    Create and assign SCEP certificate profiles in Intune



  2. Sebastian Cerazy 306 Reputation points
    2020-10-05T17:28:28.887+00:00

    I can see that the exported XML (netsh wlan export profile) from the Intune-only and GPO-only machines respectively is quite different, especially

    <authMode>machine</authMode>

    is missing from Intune config

    Also section <EAPConfig> ....
    is quite different

    I will test import of GPO version into Intune Custom Profile (as per this - https://allthingscloud.blog/deploy-wifi-profile-with-pre-shared-key-to-windows-10-using-microsoft-intune/ ) and see if it works

    Seb

    0 comments No comments
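The profile difference discussed in this thread can be checked on any exported profile. The following is an added example, not code from any post here: it reads WLAN profile XML of the kind `netsh wlan export profile` writes and reports whether 802.1X is pinned to machine credentials. The two sample profiles and their names are constructed, and treating a missing `<authMode>` as `machineOrUser` is an assumption that matches the behaviour described in the question.

```python
import xml.etree.ElementTree as ET

NS = {"wlan": "http://www.microsoft.com/networking/WLAN/profile/v1",
      "onex": "http://www.microsoft.com/networking/OneX/v1"}
# Assumption: a OneX profile with no <authMode> behaves as machineOrUser,
# i.e. machine credentials before logon, user credentials after logon.
DEFAULT_AUTH_MODE = "machineOrUser"

# Constructed sample profiles (SSID and EAPConfig sections omitted for brevity).
_TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication>
      <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">{onex}</OneX>
  </security></MSM>
</WLANProfile>"""
GPO_STYLE = _TEMPLATE.format(name="CorpWiFi-GPO",
                             onex="<authMode>machine</authMode>")
INTUNE_STYLE = _TEMPLATE.format(name="CorpWiFi-Intune", onex="")


def audit_profile(xml_text):
    """Return the 802.1X credential mode a WLAN profile will use."""
    root = ET.fromstring(xml_text)
    sec = root.find("wlan:MSM/wlan:security", NS)
    if sec is None:
        raise ValueError("not a WLAN profile: no MSM/security element")
    use_onex = sec.findtext("wlan:authEncryption/wlan:useOneX",
                            "false", NS).strip().lower() == "true"
    explicit = sec.findtext("onex:OneX/onex:authMode", None, NS)
    explicit = explicit.strip() if explicit else None
    # Without 802.1X (e.g. a pre-shared key profile) authMode does not apply.
    effective = (explicit or DEFAULT_AUTH_MODE) if use_onex else None
    return {
        "name": root.findtext("wlan:name", "", NS),
        "uses_8021x": use_onex,
        "explicit_auth_mode": explicit,
        "effective_auth_mode": effective,
        "machine_only": effective == "machine",
    }


if __name__ == "__main__":
    for sample in (GPO_STYLE, INTUNE_STYLE):
        print(audit_profile(sample))
```

Running the same check over profiles exported from every managed machine shows which ones will drop the connection when a user without a certificate logs on.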