Microsoft Intune Support Tip: How to deploy a Wi-Fi profile to Windows Phone using a pre-shared key (PSK)


~ Joel Stevens | Support Escalation Engineer

In a unified management scenario where Microsoft Intune is integrated with Configuration Manager, you can deploy Wi-Fi profiles to Windows Phone devices via the console UI. With that said, there are some additional Wi-Fi options that can also be configured if you use XML to deploy the profile instead. One such example is defining a Preshared key (PSK) and I’ll walk you through how to do that here.

1. First, create a new configuration item:

image

2. Name the configuration item and choose Mobile Device as the type. Use a descriptive name for the Configuration Item:

image

3. Select Configure additional settings that are not in the default settings group then click Next:

image

4. Click Add:

image

5. Click Create Setting…

image

6. Enter the following information:

a. The network name
b. A description
c. Setting type = OMA URI
d. OMA-URI (Case Sensitive) = ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml

Important: For OMA-URI, replace MyNetwork with the SSID of your Wi-Fi network.

Click OK.

image

7. Select the setting you just created:

image

Enter the following information:

Name
Description
Rule Type = Value

Paste in the XML code below, formatted to a single line, in standard .XML format. Configuration Manager will automatically convert this to embedded XML when it processes the configuration item. The following example is to deploy a WPA2 PSK with no proxy settings:

<?xml version=”1.0″?><WLANProfile xmlns=”http://www.microsoft.com/networking/WLAN/profile/v1″><name>MyNetwork</name><SSIDConfig>
<SSID><name>MyNetwork</name></SSID></SSIDConfig><connectionType>ESS</connectionType>
<connectionMode>auto</connectionMode><MSM><security><authEncryption><authentication>WPA2PSK
</authentication><encryption>AES</encryption></authEncryption><sharedKey><keyType>passPhrase</keyType>
<protected>false</protected><keyMaterial>P@ssword123</keyMaterial></sharedKey></security></MSM></WLANProfile>

Note that the XML above is a single line, it just wrapped here for readability purposes.

Important: Replace “MyNetwork” with the Wi-Fi network SSID. The SSID is case sensitive as is everything else in the XML code. Also replace P@ssword123 with the preshared key (PSK). This example uses WPA2PSK and AES encryption. If your network settings do not match, you must edit the XML code as appropriate.

Now that you have created your configuration item, the next step is to add this to a configuration baseline, deploy the configuration baseline to the required user or device collection, then monitor the compliance of the configuration baseline.

More Information

Be aware that having the <connectionMode> property set to “auto” won’t connect the device to your defined network automatically until the user disconnects from the current WLAN connection or taps the new WLAN name to force the connection. You could potentially use <autoSwitch> to overcome this issue, however that will create radio pollution and drain the devices battery more quickly.

You should modify the information above using the information for your network.  Additional information about the XML elements and their possible values can be found here:

WLAN_profile Schema Elements

You can also reference the section titled WiFi configuration service provider (New in Windows Phone 8.1) in the protocol documentation here:

Windows Phone 8.1 MDM protocol documentation

For additional information on creating mobile device configuration items, please see the following:

How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager

 

Joel Stevens | Support Escalation Engineer | Microsoft

fbTwitterPic

Our Blogs


Comments (0)

Skip to main content