Configure certificate based authentication to Wi-Fi with ConfigMgr and Intune

Once you have certificate deployment working, you can use it for several purposes. One example would be to use certificate based authentication against Exchange (on-prem), VPN or WiFi Profiles. Certificate based authentication against WiFi profiles is a common ask, in this post I'll explain how to configure this in ConfigMgr 2012 R2.

  1. Create a new WiFi profile.
  2. Enter SSID details.
  3. Select your Security Type, Encryption and “Smart Card or other certificate” and select “Configure”.
  4. Configure as follows: “Use a certificate on this computer”, deselect “Verify the server’s identity…..”  and hit “Advanced”.
  5. Pressing the “Advanced” button will bring you to the “Configure Certificate Selection” dialog.
    Make sure you select your issuing CA and add the “Client Authentication” SKU at the AnyPurpose section. 
  6. Hit OK until you return to “Add Wi-Fi Profile Security Configuration” wizard (shown at step 3).
    Select the appropriate Root Certificate.
    Select the appropriate Client Certificate.
    image image
  7. After selecting “Next” make sure you enable “Specify Authentication Mode” and select “User Authentication”.
  8. If a proxy is required, details can be provided in the next dialog.
  9. Select the platforms and deploy this profile to a user group.

After deploying the profile, wait a few minutes and enroll a new user or enforce a policy refresh on Windows Phone 8.1. You phone should connect to the WiFi automatically using the SCEP Certificate.

If this post helped you, consider leaving a reply.

Comments (3)

  1. Anonymous says:

    Content moved

  2. MrShannon says:

    Any guidance on doing this with Cloud Only Intune?

  3. MrShannon says:

    Sorry, I meant to post that last comment when logged in.

    Any guidance on doing this with Cloud Only Intune?

Skip to main content