Using the Intune enrollment SCEP certificate as an 802.1x wifi authentication certificate
I have a rather unique issue where we don't have full control over our AD environment and can't implement SCEP and NDES within our domain. I have noticed that when devices get enrolled in Intune they receive a SCEP certificate. Is there any way to leverage that certificate for the wifi authentication? it doesn't seem possible but would be an easier way to handle things compared to setting up a separate domain and certificate authority and installing and setting up the connector on that domain. Before anyone suggests using a 3rd party SCEP service, this is on the cards but would come with a considerable price tag which I am trying to avoid if possible.
Certificate selection when using 802.1x authentication
Hello I have a question on how a certificate is selected from a computers personal certificates when using 802.1x for wireless authentication using Windows NPS server as RADIUS. I have been having issues with users not being able to authenticate to the office WiFi, and after looking at the logs on the NPS server it shows that the computer is giving the NPS server a certificate other than the one belonging to the computer account. There is a list of certificates in the personal certificate store, and the one certificate for the computer account (given by the on prem PKI) is at the bottom of the list. So it looks like it is just choosing the first certificate in the list, and then failing authentication and not giving the correct cert. Shouldn't it go down the list of certs and eventually giving the correct cert instead of the first one in the list and causing authentication to fail? Hope this make sense any insight is appreciated! Thanks.