Hi everyone,
It's April of 2024. Microsoft Cloud PKI for Microsoft Intune has been out for some time and it looks very promising for AAD-only joined devices, but how do we hook our MRs to it so one can do enterprise 802.11x based on PKI certificate auth (device-based auth)?
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview
I know how to do it the legacy way, with on-prem CA etc., EAP-TLS and RADIUS as the last mile authenticator to the Meraki AP, but this "Cloud PKI" is totally new. It promises to eliminate on-prem CA, the Intune connector and a ton of other heavy weight.
Anyone gone down that road? What endpoint would the APs talk to? What profile to set up the SSID under? So many unknowns?
Thanks
~B
Already done it.
Configure the SSID to use local auth with certificate authentication. Upload your CloudPKI certificate. Works great.
@PhilipDAth Thank you, but what do you plug in here? Azure Cloud PKI does NOT expose any endpoints on the public Internet where the MR can be pointed to?
In the image here, you have certificate auth disabled.
Following what @PhilipDAth said, you need to enable it.
I was just looking at this and it's damn expensive.
2000 devices/users somewhere in the region of £34000 per annum as a standalone add-on.
You would think MS would include this in enterprise licences.
When running a test to install the certificate I get the following error
In Cloud PKI, there are two different formats for downloading the root CA. You need to download the other format.