Solution for deploying Wifi SSID to laptops with Azure AD authentication

Daniel-GAC
Here to help

Hi, I'm looking for advice for deploying Wifi across multiple sites. We want to use Azure AD authentication and have been deploying a POC Wifi that uses the Meraki trusted access app on Windows to do this. This works but requires setup and since we are a large estate we do not want to do this ourselves and cannot trust the end user to do this also.

However we have run into a problem / headache in deploying the app from Intune since it uses an app installer, installer. We ideally want the deployment to be seamless and have little to no user intervention (as you can imagine this is where the issue lies). Has anyone got any ideas for a potential better solution or any way of deploying the MTA app on Windows?

Thanks 

Daniel 

alemabrahao
Kind of a big deal

It would be a good idea to consult your Meraki sales representative.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

You could consider using Microsoft Cloud PKI:
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview 

This is built into Intune, but does require an extra licence.

This allows you to deploy a certificate using Intune onto every device you like.

You then configure your SSID on the Meraki side to use "Enterprise Authentication" (aka WPA2/WPA3) using local auth and certificates.  Upload your Cloud PKI root CA certificate, and you are done.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...)

Brash
Kind of a big deal

That is the dream right there.

Sucks that it's an additional license though.

Daniel-GAC
Here to help

We are a fairly large corp and have a bit of sway with MS, I'm sure we will be able to add this license.

I'm going to ask the Team to create a POC SSID and try to configure it this way.

Thank you for the help!

Daniel-GAC
Here to help

Hi @PhilipDAth did you follow a guide to do this? If so can you point me in the right direction. We are struggling with the Intune bit! As we are not fully familiar with how it works.

If not, would you be willing to make a guide?

Thank you 

PhilipDAth
Kind of a big deal

I'm pretty familiar with Intune, certificates and Meraki, so I just worked it out ...

Daniel-GAC
Here to help

Okay no problem. 
Can I ask how you created the cert and deployed it, in Intune?

PhilipDAth
Kind of a big deal

You create the cert (actually 2 of them) in Intune.  You download the second cert, convert it to a PEM file, and upload that into the Meraki Dashboard.

You create an Intune policy to deploy a certificate from CloudPKI to every enrolled machine.
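
The convert-to-PEM step described in the post above, as an added example that is not part of the thread or anyone's posted code: it re-encodes the downloaded CA certificate as PEM and refuses to write the file if the certificate is not a CA or is outside its validity window. The file names are hypothetical, and it assumes the download is a single X.509 certificate in DER or Base64 form.

```powershell
# Added example. File names are assumptions, not values from the thread.
param(
    [string]$InPath  = '.\cloudpki-ca.cer',  # hypothetical: certificate downloaded from Intune
    [string]$OutPath = '.\cloudpki-ca.pem'   # hypothetical: file to upload to the Meraki Dashboard
)

$ErrorActionPreference = 'Stop'
$x509ns = 'System.Security.Cryptography.X509Certificates'

# X509Certificate2 loads both DER and Base64-encoded single certificates.
$full = (Resolve-Path -LiteralPath $InPath).Path
$cert = New-Object "$x509ns.X509Certificate2" -ArgumentList $full

# The SSID has to trust a CA, so reject anything without Basic Constraints CA=true.
$bcRaw = $cert.Extensions['2.5.29.19']       # OID of the Basic Constraints extension
if (-not $bcRaw) {
    throw "No Basic Constraints extension: this is not a CA certificate."
}
$bc = New-Object "$x509ns.X509BasicConstraintsExtension" -ArgumentList $bcRaw, $bcRaw.Critical
if (-not $bc.CertificateAuthority) {
    throw "Basic Constraints has CA=false: this is a leaf certificate, not a CA."
}

# Reject a certificate that is not yet valid or has already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Re-encode the raw DER bytes as PEM with 64-character lines.
$b64   = [Convert]::ToBase64String($cert.RawData)
$lines = $b64 -split '(.{64})' | Where-Object { $_ }
$pem   = @('-----BEGIN CERTIFICATE-----') + $lines + '-----END CERTIFICATE-----'
Set-Content -LiteralPath $OutPath -Value $pem -Encoding ascii

# Summary to compare against what Intune shows before uploading.
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    SelfSigned = ($cert.Subject -eq $cert.Issuer)   # true for a root CA
    NotAfter   = $cert.NotAfter
    Thumbprint = $cert.Thumbprint
    PemFile    = (Resolve-Path -LiteralPath $OutPath).Path
}
```

Comparing the printed thumbprint with the one shown for the CA in Intune confirms that the file being uploaded is the certificate you intended.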
