Meraki

Community

Solution for deploying Wifi SSID to laptops with Azure AD authentication

Daniel-GAC
Here to help
‎May 8 2024 5:29 AM
‎May 8 2024 5:29 AM

Solution for deploying Wifi SSID to laptops with Azure AD authentication

Hi, im looking for advice for deploying Wifi across multiple sites. We want to use Azure AD authentication and have been deploying a POC Wifi that use the Meraki trusted access app on Windows to do this. This works but requires setup and since we are a large estate we do not want to do this ourselves and cannot trust the end user to do this also.

However we have run into a problem / headache in deploying the app from Intune since it uses an app installer, installer. We ideally want to deployment to be seamless and have little to no user intervention (as you can imagine this is where the issue lie). Has anyone got any ideas for a potential better solution or any way of deploying the MTA app on windows?

 

Thanks 

Daniel 

Labels:
0 Kudos
8 Replies 8
alemabrahao
Kind of a big deal
‎May 8 2024 6:34 AM
‎May 8 2024 6:34 AM

It would be a good idea to consult your Meraki sales representative.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 8 2024 2:38 PM
‎May 8 2024 2:38 PM

You could consider using Microsoft Cloud PKI:
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview 

This is built into Intune, but does require an extra licence.

PhilipDAth_0-1715204199230.png

 

This allows you to deploy a certificate using Intune onto every device you like.

 

You then configure your SSID on the Meraki side to use "Enterprise Authentication" (aka WPA2/WPA3) using local auth and certificates.  Upload your Cloud PKI root CA certificate, and you are done.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...)

PhilipDAth_1-1715204259355.png

 

In response to PhilipDAth
Brash
Kind of a big deal
Kind of a big deal
‎May 8 2024 7:58 PM
‎May 8 2024 7:58 PM

That is the dream right there.

Sucks that it's an additional license though.

In response to PhilipDAth
Daniel-GAC
Here to help
‎May 9 2024 12:44 AM
‎May 9 2024 12:44 AM

We are a fairly large corp and have a bit of sway with MS, im sure we will be able to add this license. 

Im going to ask the Team to create a POC SSID and try configure it this way.

Thank you for the help!

In response to PhilipDAth
Daniel-GAC
Here to help
‎May 29 2024 3:38 AM
‎May 29 2024 3:38 AM

Hi @PhilipDAth did you follow a guide to do this? If so can you point me in the right direction. We are struggling with the Intune bit! As we are not fully familiar with how it works.

If not would you be willing to make a guide? 

 

Thank you 

0 Kudos
In response to Daniel-GAC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 29 2024 3:41 AM
‎May 29 2024 3:41 AM

I'm pretty familiar with Intune, certificates and Meraki, so I just worked it out ...

0 Kudos
In response to PhilipDAth
Daniel-GAC
Here to help
‎May 29 2024 3:54 AM
‎May 29 2024 3:54 AM

Okay no problem. 
Can I ask how you created the cert and deployed it, in intune?

0 Kudos
In response to Daniel-GAC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 29 2024 4:14 AM
‎May 29 2024 4:14 AM

You create the cert (actually 2 of them) in Intune.  You download the second cert, convert it to a PEM file, and upload that into the Meraki Dashboard.

 

You create an Intune policy to deploy a certificate from CloudPKI to every enrolled machine.

li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.