The months challenege is well timed for me as we are reviewing our security. Currently our staff devices have their wifi password which is a preshared key (done so we can control what devices are connected to our network) saved in the keychain.
Now I thought I was being smart and if I used a profile instead that the password wouldn't appear in the keychain and the OS would rely on the information inside the profile instead of the keychain. It looks like this isn't the case so I want to know if there is anyone around this without changing to another authentication method.
Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
I'm waiting for "Trusted Access" to become "full release" - and it sounds like it would suit your use case. You have to have a Systems Manager licence to use it - but the device does not need to be managed by Systems Manager.
Trusted Access is basically a Meraki based certificate server. Meraki handle all the complexities of managing the certificates and deploying them.
So it allows you to use super tight certificate based authentication without the usual pain of certificates.
I'm thinking this feature might be released in the new year. This is my guess.