Welcome back! In this blog we’re going to continue where we left off in the last entry where we looked at using Microsoft Intune to provision the native wired 802.1x supplicant on Windows 10. This time, we shift our focus to the wireless 802.1x supplicant. If you missed that one, be sure to check it out! OK! Let’s go!
It is not my goal (or desire!) to cover all the pre-requisites in this write up, so let’s establish a few assumptions around the existing environment.
Since we already have the SCEP configuration and our Trusted Certificates in place, there is only one bit left to do.
#1 – Configure the Windows 10 Wi-Fi Configuration Profile Template in MS Intune! Go! Go! Go!
Unlike pushing a wired 802.1x configuration from Intune, which we had to leverage a “Custom” profile type, Intune has a pre-built template for this! While this pre-built template is not up to date (yet) with the newest and coolest 802.1x EAP method on the block (EAP-TEAP), it will be able to support 99% of the deployments currently in the wild. All of this is done through Microsoft Intune administration at https://endpoint.microsoft.com/.
Begin by navigating to Devices > Configuration Profiles > Create Profile.
Select Windows 10 for Platform, Templates for Profile Type, and Wi-Fi for Template Name. Create!
Give it a Name! Give it a Description! Click Next!
The example below is setup to use EAP-TLS! Note that even though the “User” SCEP profile was selected in the configuration, through testing we were able to validate both User OR Computer were able to successfully authenticate to this network! Ensure you scope this to all devices! Create!
This was a quick and dirty (and admittedly rough around the edges) look at central provisioning of the wireless native 802.1x supplicant in Windows10 via Microsoft Intune. In the next entry in this series, let’s look at integrating MS Intune as an MDM into ISE so that we may perform some Authorization checks against these Authentications (remember, no AD)! Thanks for reading!
As always if you have any questions on getting Cisco's ISE set up for you and your business and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!
Want the answers to the most asked questions about ISE? Check out our video below!