How can I block access to open wifi networks?

Question

We have employees working remote and traveling across the country, using company provided laptops. We would like to know if there is a way to prevent these employees from connecting to open (password-less) wifi networks, using either Intune, Azure AD, or some other way.

I have looked at the local group policy editor and the windows defender firewall but couldn't find anything in there to help. I have also considered using Task Scheduler to turn off the wifi adapter if windows detects an unsecured network, but I have had no success there either.

The closest I've gotten to making this work is using ESET, specifically the steps outlined here: https://support.eset.com/en/kb7554-unprotected-wifi-notification

It works and blocks wifi networks with no passwords, except it also blocks networks that are using WPA3.

Thanks for the help.

Answer 1

@NN1990 Thanks for posting in our Q&A.

From intune's point of view, there is no method to make it. What intune can do is based on windows CSPs provided. Based on my research, I didn't find that there is such windows CSP can block access to open wifi.

Let's wait someone else to share more information from other angles.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

There is no way to do that. The security approach should be different - don't be afraid of open networks, but make the computer secure enough. Basic stuff is bitlocker, antivirus, no-admins. Advanced stuff are applying MS security baselines, onboarding devices to defender and monitoring them, following security recommendations and scores. This is part of Zero Trust methology.