Forum Discussion
WiFi WPA2 Enterprise seamless sign-on
- Mar 11, 2019
Forgot to update this.
Short answer: If the computer is only joined to Azure AD, WPA2 Enterprise seamless authentication is not possible.
As of now (March 2019) it is not possible to have seamless (users are not prompted for authentication) WPA2 Enterprise authentication when the computers (Windows 10) are not joined to an on-premise AD (only joined to Azure AD). This is because winlogon credentials contain a cloud user which will not be allowed to authenticate automatically on RADIUS (RADIUS is using the on-premise AD).
Ben Nichols Yes, certificate-based authentication is an option. In our case the requirement was to use only Azure AD, without any on-premise servers (no federated AD) or VMs on cloud. Using only Azure AD, cloud-only users, currently it is not possible.
rajeshkhanikar That sounds about right. I have achieved it with no on-prem servers, and just 3 small Azure VMs (CA, NDES and RADIUS servers) using EAP-TLS.
You might possibly be able to also achieve it using Azure Directory Services (to give you an LDAP endpoint) and one RADIUS server with EAP-TTLS with MSCHAPv2.