Windows 11 22H2 breaks MSCHAPv2 authentication for WiFi and wired connections
This is a heads up - a big problem that is going to affect a huge number of WiFi networks.
Windows 11 22H2 enables Credential Guard by default - which disables MSCHAPv2 by default for single sign-on. Many companies use MSCHAPv2 for authenticating to WiFi and wired connections (because it was the default setting in Windows 10 and 11 till now).
If you use this configuration, as users upgrade to Windows 11 22H2 they will no longer be able to authenticate to the network "at login" (as in automatically - single sign-on). If enabled, users will still have the ability to click on the connection concerned and manually re-authenticate - but this breaks the whole user experience of seamless connectivity.
Microsoft recommends migrating to certificate-based authentication.
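To find affected clients before they upgrade, the following added example (not part of the original post) flags WLAN profiles that use EAP-MSCHAPv2 (EAP type 26) with Windows logon credentials and reports whether Credential Guard is running. The function names and the sample profile are constructed for illustration, and the profile is trimmed to the elements the check reads.

```powershell
# Constructed sample of an exported WLAN profile (PEAP with inner EAP-MSCHAPv2).
$sampleProfile = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWiFi-Example</name>
  <MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Config>
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
        <Type>25</Type>
        <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
          <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
            <Type>26</Type>
            <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
              <UseWinLogonCredentials>true</UseWinLogonCredentials>
            </EapType>
          </Eap>
        </EapType>
      </Eap>
    </Config></EapHostConfig>
  </EAPConfig></OneX></security></MSM>
</WLANProfile>
'@

function Test-MschapV2Sso {
    param([Parameter(Mandatory)][string]$ProfileXml)
    $doc = [xml]$ProfileXml
    # local-name() sidesteps the several XML namespaces nested inside a profile.
    $types = @($doc.SelectNodes("//*[local-name()='Eap']/*[local-name()='Type']") |
               ForEach-Object { $_.InnerText.Trim() })
    $sso = $doc.SelectSingleNode("//*[local-name()='UseWinLogonCredentials']")
    $usesMschap = $types -contains '26'          # 26 = EAP-MSCHAPv2, 25 = PEAP
    $usesLogon  = ($null -ne $sso) -and ($sso.InnerText.Trim() -eq 'true')
    [pscustomobject]@{
        Profile           = $doc.SelectSingleNode("//*[local-name()='name']").InnerText
        UsesMschapV2      = $usesMschap
        UsesWinLogonCreds = $usesLogon
        SsoAtRisk         = $usesMschap -and $usesLogon
    }
}

function Test-CredentialGuardRunning {
    # SecurityServicesRunning contains 1 when Credential Guard is running.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
    return ($dg.SecurityServicesRunning -contains 1)
}

Test-MschapV2Sso -ProfileXml $sampleProfile
```

For real profiles, export them with `netsh wlan export profile folder=<dir>` and pass each file's content (`Get-Content -Raw`) to `Test-MschapV2Sso`; a profile with `SsoAtRisk` true on a machine where `Test-CredentialGuardRunning` returns true matches the situation described above.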
Thank you, PhilipDAth!! We just ran up against this problem on a new batch of Win11 22H2 laptops using their domain machine accounts for Windows NPS RADIUS authentication to WiFi, so your post was a HUGE help in determining how to overcome the connectivity issue until we can fully implement certificate-based authentication.
We were able to get the new 22H2 laptops to automatically connect by first disabling Windows Defender Credential Guard using the registry key method found in this MS doc, and then manually enabling NTLMv2 authentication by adding the registry key found in this MS doc. Hope this helps somebody else like me who hasn't fully implemented certificate-based authentication and was caught off guard by this change.