Forum Discussion
WiFi WPA2 Enterprise seamless sign-on
- Mar 11, 2019
Forgot to update this.
Short answer: If the computer is only joined to Azure AD, WPA2 Enterprise seamless authentication is not possible.
As of now (March 2019) it is not possible to have seamless (users are not prompted for authentication) WPA2 Enterprise authentication when the computers (Windows 10) are not joined to an on-premise AD (only joined to Azure AD). This is because winlogon credentials contains a cloud user which will not be allowed to authenticate automatically on RADIUS (radius is using the on-premise AD).
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert#configure-network-device-enrollment-services-to-work-with-microsoft-intune
- rajeshkhanikarDec 11, 2018Brass Contributor
Thanks for your response. We have seen this article. But it doesn't discuss expected behaviour for Azure AD joined computers (not hybrid). Our goal is to enable seamless WPA2 Enterprise authentication for only Azure AD joined computers (not hybrid).
- Jenu JoseDec 14, 2018Copper Contributor
Ah I see. In that case, NDES should hand out the client certificate to your Azure AD joined computer. And then you will need to make sure the Azure AD joined computer has the root certificate as well. Have you confirmed that NDES is handing out the client certificate and that the root certificate is being deployed to your computers?
- Jenu JoseDec 14, 2018Copper Contributor
You might also want to follow this thread; sounds like a similar problem to yours.