Forum Discussion
Hybrid to Entra ID WiFi Certificate Authentication NPS via WHfB Cloud Trust & Cloud PKI-Replace ADCS
Hi,
Option 2 is more reliable and works very well if you aim to switch to Cloud Only.
Good luck!
Hello Bogdan_Guinea,
If I deploy the Cloud PKI root CA, the Cloud PKI issuing CA and the SCEP configuration profile to Autopilot,
the Autopilot device receives:
1. The cloud PKI root CA
2. Cloud PKI Issuing CA using configuration profile "trust certificate"
3. Computer certificate issued from the Cloud PKI issuing CA.
4. Wifi configuration profile doing reference to the cloud PKI root CA.
Then, the new Entra ID joined device is in the office and detects the WiFi. The end user tries to connect to this WiFi, which will check the NPS.
What do I need to do on the NPS? Should I install the Cloud PKI Root CA and Cloud PKI Issuing CA on the NPS server to keep the trust and guarantee that NPS will trust the Cloud PKI which issues the computer CA?
- Bogdan_Guinea, Aug 05, 2025, Iron Contributor
Hi,
so... yes, with that you should be ready to go, and the trust for your NPS should also look like this:
- Install the Cloud PKI Root CA certificate on the NPS server. This should be imported into the "Trusted Root Certification Authorities" store on the local computer.
- Install the Cloud PKI Issuing CA certificate on the NPS server. This should be imported into the "Intermediate Certification Authorities" store on the local computer.
- Publish the Issuing CA certificate to the NtAuthCA store in order to be able to validate client certificates.
- Don’t forget to obtain the necessary licenses for Cloud PKI. Consider using the available trial licenses first so you can test the service before committing, and assign this to your devices/users based on your configuration and WiFi Profile.
Good luck!
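
The three NPS trust steps listed in the reply above, as an added PowerShell example that is not part of the original thread. The two `.cer` paths are placeholders for your exported Cloud PKI certificates, and the script assumes it runs elevated on the domain-joined NPS server under an account allowed to publish to Active Directory.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Both file paths are placeholders (assumptions).
$rootPath    = 'C:\Temp\CloudPKI-RootCA.cer'     # exported Cloud PKI root CA
$issuingPath = 'C:\Temp\CloudPKI-IssuingCA.cer'  # exported Cloud PKI issuing CA

$root    = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($rootPath)
$issuing = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($issuingPath)

# Check the files before trusting them: the root must be self-issued and the
# issuing CA must name that root as its issuer. Compare the printed thumbprints
# with the ones shown for your CAs in the Intune admin center.
if ($root.Subject -ne $root.Issuer)    { throw "Not a self-signed root: $($root.Subject)" }
if ($issuing.Issuer -ne $root.Subject) { throw "Issuing CA was not issued by this root" }
"Root    : $($root.Subject)  $($root.Thumbprint)"
"Issuing : $($issuing.Subject)  $($issuing.Thumbprint)"

# Step 1: root CA into "Trusted Root Certification Authorities" (local computer)
Import-Certificate -FilePath $rootPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
# Step 2: issuing CA into "Intermediate Certification Authorities" (local computer)
Import-Certificate -FilePath $issuingPath -CertStoreLocation Cert:\LocalMachine\CA | Out-Null

# Step 3: publish the issuing CA to the NTAuth store in Active Directory
certutil -dspublish -f $issuingPath NTAuthCA
if ($LASTEXITCODE -ne 0) { throw "certutil -dspublish failed ($LASTEXITCODE)" }

# Verify store placement by building the chain from the issuing CA to the root.
# Revocation is skipped here so the result reflects only the trust stores.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($issuing)) {
    throw "Chain build failed: $($chain.ChainStatus.StatusInformation -join '; ')"
}

# Verify NTAuth as this server sees it. The local copy is refreshed by Group
# Policy, so run "gpupdate /force" and retry if the thumbprint is not listed yet.
$ntauth = ((certutil -enterprise -store NTAuth) -join '') -replace '\s', ''
if ($ntauth -notmatch $issuing.Thumbprint) {
    Write-Warning "Issuing CA not yet visible in the local NTAuth store"
} else {
    "Issuing CA present in NTAuth"
}
```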