Hi, not sure if anyone has experience on this one.
I've been trying to get iOS devices to do device authentication against NPS to a Wi-Fi network, very similar to this post but for iOS. Certificates come down, the SCEP profile comes down, and the Wi-Fi profile comes down to the device; however, client fields and NPS logs state
“The specified user account does not exist”
Have tried:
UPN set to {{DeviceName}}@domainname.com
DNS set to {{DeviceName}}@domainname.com
UPN set to {{Device_Serial}}@domainname.com
DNS set to {{Device_Serial}}@domainname.com
Confirmed on the iOS device that these fields are passing correctly to the device. On-prem AD object created with the device name. I feel like I'm missing a setting, or Intune is passing that it's a user account, not a device. I've tried {{Device_Serial}}@domain.com and that gets the same error. Creating a user account with that serial number works; however, I want to be using AD computer objects instead.
In our previous MDM platform I'd state "DeviceName$" which is currently working on the old MDM platform. You can't put dollar signs in the UPN to encourage it to identify as a computer.
Resolved:
This has been resolved by setting the "UserPrincipalName" attribute on the computer object.
Using PowerShell:
New-AdComputer "Computername" -UserPrincipalName "Computername@domain.com"
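
Added example, not part of the original post: the same fix applied to a batch of devices, setting the UPN on computer objects that already exist and creating the ones that do not. It first checks that no other object (such as a leftover test user account like the one mentioned above) already holds the UPN. The device names, UPN suffix and OU are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: every name, suffix and OU below is a placeholder.

$UpnSuffix   = 'domain.com'                  # suffix used in the certificate's UPN field
$TargetOu    = 'OU=iOS,DC=domain,DC=com'     # hypothetical OU for newly created objects
$DeviceNames = @('IPAD-0001', 'IPAD-0002')   # constructed sample device names

foreach ($name in $DeviceNames) {
    $upn = '{0}@{1}' -f $name, $UpnSuffix

    # The UPN has to resolve to exactly one account. If a user account or a
    # different computer object already carries it, report that and skip.
    $holders  = @(Get-ADObject -Filter "userPrincipalName -eq '$upn'")
    $conflict = @($holders | Where-Object {
        $_.ObjectClass -ne 'computer' -or $_.Name -ne $name
    })
    if ($conflict.Count -gt 0) {
        Write-Warning "$upn is already set on: $($conflict.DistinguishedName -join '; ')"
        continue
    }

    $computer = Get-ADComputer -Filter "Name -eq '$name'" -Properties UserPrincipalName
    if (-not $computer) {
        # No object yet: create it with the UPN in one step, as in the post.
        New-ADComputer -Name $name -UserPrincipalName $upn -Path $TargetOu -Enabled $true
    }
    elseif ($computer.UserPrincipalName -ne $upn) {
        # Object exists (for example from the previous MDM): only add the UPN.
        Set-ADComputer -Identity $computer -UserPrincipalName $upn
    }

    # Read the object back by UPN to confirm the lookup now succeeds.
    Get-ADComputer -Filter "UserPrincipalName -eq '$upn'" -Properties UserPrincipalName |
        Select-Object Name, SamAccountName, UserPrincipalName, Enabled
}
```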