Microsoft Tech Community Live: Surface Edition
February 15, 2022, 08:00 AM - 12:00 PM (PST)

Surface Hub and Network Access Control on Wired Network (802.1x).

Occasional Visitor

We need to deploy Surface Hubs in our premises where we have NAC implemented on the wired network.
We have the root and intermediate certificates installed via a provisioning package but we still have authentication failures.
From the tracing it seems that the SH is still trying to use username/password even though the certificates are there (we have the same certificates for Azure access so we know they work). I know this is a bit vague, I am not an expert in 802.1x but I can get more details if needed.

Using WICD I can't seem to find any way to specify the profile for the LAN interface.
I read from this link https://docs.microsoft.com/en-us/surface-hub/enable-8021x-wired-authentication that I can export the LAN profile from my laptop (that works with NAC) to produce an XML file but then again it doesn't say how to import it in a provisioning package. I think that was intended for an InTune policy but I need to connect to the network before I can receive InTune policies so the only option I have is to do it via ppkg.
At the moment we have these ports with NAC disabled but it is just temporary as our Security people don't like that.

Is there anyway I can configure 802.1x for the LAN adapter via provisioning package? Or maybe any other way I didn't think of?
Many thanks, Nic.

1 Reply
The article documents this:
'To configure Surface Hub to use one of the supported 802.1x authentication methods, utilize the following OMA-URI. ./Vendor/MSFT/SurfaceHub/Dot3/LanProfile'

Then in Windows Configuration Designer, you can find the appropriate controle :
SurfaceHub\Dot3\LanProfile