>Is it possible to configure Meraki APs to authenticate Wi-Fi clients solely based on client certificates without involving a RADIUS server?   Yes.  You use local authentication mode, set to certificate authentication. https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_802.1X#Certificate_Caching_(Certificate_Auth)   >If yes, what are the steps or best practices to achieve this?   You 'll need to subscribe to Cloud PKI.  Tere is a long there here about doing it: https://community.meraki.com/t5/Wireless/Azure-Cloud-PKI-is-now-released-how-do-we-hook-Meraki-AP-to-it/m-p/230754   >Does Meraki support any native certificate-based authentication mechanisms in a serverless configuration?   Yes.  It is called Trusted Access.  It uses a Systems Manager licence.  Users can authenticate against Entra ID in the self service portal, deploy a certificate to their device, and then use that to authenticate. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity   >Are there specific configurations in Intune or Meraki that need attention to streamline this setup?   It depends on weather you want to use Cloud PKI or Trusted Access. ... View more