Thanks @PhilipDAth, That answers my question. I appreciate you replying to this old thread! Hopefully this info is helpful to others looking for this info as well.   Quick edit: If RADIUS doesn't get computer information, what mechanism would make it possible to authenticate the computer/device the user is logging in from? Would we have to use something different altogether? ... View more

Hi @PhilipDAth,   Can you elaborate on why this isn't possible? We're looking to implement this (we already have RADIUS configured to authenticate based on a specific user group) but it sounds like it wouldn't work. NPS in Windows Server 2012 has the option to do both user and computer via Windows Group (which says it does both?), or, one or the other meaning you can select Machine Groups or User Groups.   Is this a limitation on the Meraki side? ... View more

Yeah, unfortunately we're not using SM.. we're using Microsoft's Intune MDM solution. I should note that we are already using RADIUS for authentication. The piece that's missing here is the ability to deploy the VPN connection either with the PSK already defined so that information does not need to be disseminated to the user, OR use a certificate in place of PSK. I've always used PSK so configuring the VPN connection to use a certificate would be new to me. Lastly would be the mass deployment part. I have a number of users who require the use of the VPN and configuring this on an individual basis would be cumbersome and inefficient. I believe it can be done through GPO but not 100% sure on that. I just want to get an idea for how others out there deploy the Client VPN solution to their users. ... View more