Hello,
Thank you for posting in the Q&A forum.
To achieve single sign-on for Azure AD connected devices on a Wi-Fi network that supports RADIUS, you can try the following configurations and settings:
Deploy NDES servers and Certificate Authority (CA) servers to ensure that devices can obtain the correct certificates for authentication.
Configure the RADIUS server to integrate with Azure AD, ensuring that devices can authenticate through Azure AD.
Configure the Wi-Fi network, use the RADIUS server as the authentication server, and use Azure AD as the authentication source.
Ensure that the device has joined Azure AD and that the authentication method is in mixed mode.
Ensure that the root certificate of the device's Certificate Authority (CA) is trusted.
To solve the problem of users needing to revalidate after resetting their password, you can try the following solution:
Configure the device to support automatic certificate updates. In this way, when the user changes their password, the device can automatically update the certificate without the need for the user to manually revalidate.
Ensure that the device can communicate with the NDES server in a timely manner to update the certificate promptly after password changes.
Through these configurations and settings, you can enable Azure AD connected devices to achieve single login on a RADIUS-supported Wi-Fi network, and solve the problem of users needing to revalidate after password reset.
Best regards,
Jill Zhou
If the Answer is helpful, please click "Accept Answer" and upvote it.
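
The device-side prerequisites listed in the answer above (Azure AD join, a trusted CA root, a current client certificate) can be checked on a Windows device with a short script. This is an added example, not part of the original answer; the root CA thumbprint placeholder and the 30-day renewal window are assumptions to replace with your own values.

```powershell
# Added example: device-side checks for the prerequisites listed in the answer.
# Assumed values (not from the post): the root CA thumbprint placeholder and the 30-day window.
param(
    [string]$RootCaThumbprint = 'REPLACE-WITH-YOUR-ROOT-CA-THUMBPRINT',
    [int]$RenewWarnDays = 30
)
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # EKU: TLS client authentication

# 1. Is the device Azure AD joined? dsregcmd prints "AzureAdJoined : YES" when it is.
$joined = [bool](dsregcmd /status | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES')

# 2. Is the CA root present in the machine's Trusted Root store?
$rootTrusted = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $RootCaThumbprint })

# 3. Client-authentication certificates with a private key, in machine and user stores.
$certs = Get-ChildItem Cert:\LocalMachine\My, Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid) }

$report = foreach ($cert in $certs) {
    # Build the chain without revocation lookups so the check also works off-network.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject      = $cert.Subject
        Store        = $cert.PSParentPath -replace '^.*::', ''
        NotAfter     = $cert.NotAfter
        DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
        ChainValid   = $chainOk
        ChainsToRoot = ($top.Thumbprint -eq $RootCaThumbprint)
    }
}

"AzureAdJoined : $joined"
"RootCaTrusted : $rootTrusted"
if (-not $report) {
    'No client-authentication certificate with a private key was found.'
} else {
    $report | Format-Table -AutoSize
    # Flag certificates inside the renewal window so a lapse does not break Wi-Fi sign-in.
    $report | Where-Object { $_.DaysLeft -le $RenewWarnDays } |
        ForEach-Object { "Renewal due: $($_.Subject) expires $($_.NotAfter)" }
}
```

A certificate that shows `ChainValid` as False or `ChainsToRoot` as False points at the trust configuration rather than at the RADIUS server.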