Intune EAP/TLS Wi-Fi Profile Only Applied to First Wi-Fi NIC?

Microsoft

I'm working on a problem unrelated to the subject of this post related to RADIUS authentication with Cisco ISE and needed to use an external network adapter capable of monitor/promiscuous mode to catch some traffic in Wireshark.

 

I have Intune set up to push down certificate and Wi-Fi profiles which normally work fine. The device goes out to NDES to get its cert then connects to our Wi-Fi using the EAP/TLS Wi-Fi profile pushed down from Intune.

 

I noticed that when I hook up my external Wi-Fi adapter, the Intune Wi-Fi profile doesn't seem to work on it. Instead of connecting with EAP/TLS, it asks for username/password. This makes me think that Intune isn't applying or associating the Wi-Fi profile with this external NIC.

 

Has anyone else encountered this? Is it possible Intune is only assigning the Wi-Fi profile to the first NIC it finds or the NIC that was in use when the device was enrolled? Even if I disable the built-in NIC in device manager, it still won't use the Wi-Fi profile on the external NIC. So weird.

 

I'm doing this testing on a Surface and have disabled the internal Wi-Fi NIC in UEFI/BIOS and am currently re-imaging the device with just the external adapter connected to see if that makes any difference.

 

thanks,

Dan

 

3 Replies

Hi @DanWheeler706 ,

 

Are you deploying the WiFi profile as custom policy or using settings catalog? and have you targetted it to user or device group?

 

Best Regards,

Somesh

If you find this helpful and it answers your question, please mark it as an “Accepted Solution”.

As far as I can tell, the Intune wifi profile will apply to the first active adapter. You can possibly script this to tweak the configuration.

@somesh_pathak it is from the settings catalog and it assigned at the device level. It works fine under normal circumstances, just not when you add a 2nd NIC (e.g. an external/USB wi-fi adapter)