Windows 11 22H2 breaks MSCHAPv2 authentication for WiFi and wired connections

PhilipDAth
Kind of a big deal

This is a heads up - a big problem that is going to affect a huge number of WiFi networks.

Windows 11 22H2 enables Credential Guard by default - which disables MSCHAPv2 by default for single sign-on. Many companies use MSCHAPv2 for authenticating to WiFi and wired connections (because it was the default setting in Windows 10 and 11 till now).

If you use this configuration, as users upgrade to Windows 11 22H2 they will no longer be able to authenticate to the network "at login" (as in automatically - single sign-on). If enabled, users will still have the ability to click on the connection concerned and manually re-authenticate - but this breaks the whole user experience of seamless connectivity.

Microsoft recommends migrating to certificate-based authentication.

https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-g... 

This is going to be a lot of work ...
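
To find clients affected by the change described in the post above, this PowerShell audit (an added example, not part of the original post or of Microsoft's documentation) checks whether Credential Guard is running and lists the exported 802.1X profiles that use MSCHAPv2. The scratch folder name is hypothetical; the EAP type numbers 25 (PEAP) and 26 (EAP-MSCHAPv2) and the `UseWinLogonCredentials` profile element are details of the Windows profile format that the post does not mention.

```powershell
# Added example: read-only audit of the local machine. Profiles are exported
# to a scratch folder, inspected, and the folder is deleted afterwards.

# 1. Is Credential Guard running? (SecurityServicesRunning contains 1)
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$credGuardRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

# 2. Export WLAN and wired profiles (scratch folder name is hypothetical).
$dir = Join-Path $env:TEMP 'dot1x-audit'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
netsh wlan export profile folder="$dir" | Out-Null
netsh lan  export profile folder="$dir" | Out-Null   # needs the Wired AutoConfig service

# 3. Flag every profile whose EAP configuration contains EAP type 26 (MSCHAPv2),
#    whether used directly or as the inner method of PEAP (type 25).
$results = foreach ($file in Get-ChildItem -Path $dir -Filter *.xml) {
    [xml]$doc = Get-Content -Path $file.FullName -Raw
    $mschap = $doc.SelectNodes("//*[local-name()='Eap'][*[local-name()='Type']='26']")
    if ($mschap.Count -eq 0) { continue }   # no MSCHAPv2 in this profile

    $outer = $doc.SelectSingleNode("//*[local-name()='EapMethod']/*[local-name()='Type']")
    $sso   = $doc.SelectSingleNode("//*[local-name()='UseWinLogonCredentials']")
    [pscustomobject]@{
        Profile                     = $file.BaseName
        OuterEapType                = if ($outer) { $outer.InnerText } else { 'unknown' }
        UsesWindowsLogonCredentials = [bool]($sso -and $sso.InnerText -eq 'true')
        CredentialGuardRunning      = $credGuardRunning
    }
}

$results | Format-Table -AutoSize
Remove-Item -Path $dir -Recurse -Force
```

Profiles listed with `UsesWindowsLogonCredentials` set to `True` are the single sign-on case the post describes and are the first candidates for migration to certificate-based authentication.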

BlakeRichardson
Kind of a big deal

Ah great. Thanks for sharing. I am sure a lot of people are going to be scratching their heads soon.

www.btr.net.nz
KarstenI
Kind of a big deal

Thanks for the info. Just not sure why MS does this also when MSCHAPv2 is done through a TLS tunnel ...

GIdenJoe
Kind of a big deal

Holy crap... this is going to be a tough one.

I always enjoy a company just pushing changes through an update without actually announcing this a year before so administrators get time to implement.
