Community Record
53 Posts | 26 Kudos | 4 Solutions
4 weeks ago
1 Kudo
It is whatever server it's connecting to, for us we are using NPS for RADIUS. But I did test the Meraki one, pretty sure it only worked when using the full one for the current network. I think not being able to use wildcards is an Intune limitation. You can have multiple entries in the Intune WiFi configuration, so you can list all the entries for all the different Meraki sites (not sure if there is a maximum you can specify). Just make sure you also upload the root CA and specify it in the profile as well, as shown in the previous screenshot.
4 weeks ago
1 Kudo
It's towards the bottom of the WiFi configuration profile. You will need to put the server certificate name and the root certificate. This is to prevent a MitM situation, connecting to a rogue WiFi network.
4 weeks ago
1 Kudo
@CGRE This is usually down to the 'Certificate server names' not being populated in the Intune WiFi configuration. I think in some cases wildcards are not supported, i.e. *.domain.com
Nov 20 2024 1:11 AM
There isn't at the moment, but I am sure they will be releasing an MR version at some point, they had a mix of CW/Catalyst and MR/Meraki with WiFi 6E models.
Have you tried following this guide? There are quite a few steps involved in the process: https://oliverkieselbach.com/2024/03/04/how-to-configure-cloud-pki-certificate-based-wifi-with-intune/ It doesn't include the Meraki part, but it details the steps required to get Cloud PKI set up and the Intune configurations set up. You will need the Cloud PKI trusted cert and issuing cert deployed and then a SCEP configuration for the device to request the SCEP certificate.
Hi @Akeon I also had this issue with clients asking if they expect to find the network. The only way I found is to add the network name shown below into the Intune WiFi profile. I used *. before, but it appears it does not like wildcards. And make sure the root (IdenTrust) certificate is present on the devices you are connecting from.
I have it working pointing to the Meraki Local Auth and via NPS, the Local Auth method seems to take a long time to authenticate and I did have to reboot the AP to get it working. The lack of OCSP with Cloud PKI is a bit disappointing, only have CRL, which the Meraki Local Auth doesn't seem to support.
Got it working now @PhilipDAth @RobinHelmig opened the cert and Details tab - copy to file and choose second option, even though it saves as CER you can upload it into Meraki.
Hi @PhilipDAth I am now testing this and stuck at the same point, I will have one option to download from Microsoft Cloud PKI and it downloads as .cer. Meraki says this is invalid. Any help would be much appreciated!
Did you get this working @TJONES-614? Is it the same certificate mentioned here: https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-configure-ca#create-trusted-certificate-profile
Under our account it looks to be £1.64 per licence/per month. Think the pricing is similar to SCEPman with support.
Any update on when the CVE details will be released?
Hi @MiguelMVLA the email we received didn't say anything about the CVEs, it said we would be automatically upgraded. I would also like to know the details on the CVEs. I have upgraded all our 100+ APs to 29.5.1, no issues reported so far.
Any idea when they will reveal the CVEs and their severity? It must be pretty serious as we have had an email saying we are going to be upgraded to 29.5.1 in a week or so and it only came out on the 23rd Jan.
Hi @znchb There are a few forum posts about multicast triggering on the switch, have you looked into this? https://community.spiceworks.com/topic/287342-wired-802-1x-continouos-authentication-restart-in-win-7
We currently use a mixture of EAP-PEAP/MSCHAPv2 and EAP-TLS using SCEP certificates. We use EAP-PEAP/MSCHAPv2 for Windows laptops which are domain joined and use the 'Domain Computers' group to get them connected via a GPO config. We use EAP-TLS for our iOS devices which are managed by Intune, the SCEP certificates are issued by a service called SCEPman running in Azure and the Intune policies tell devices to request the certificates from SCEPman. The SCEPman root certificate is then added to devices and on our NPS servers. So in NPS we have two configs, one for EAP-PEAP/MSCHAPv2 and one for EAP-TLS.
It would depend on your back end setup, and how the Chromebooks are managed. I assume if managed you can push down WiFi profiles/config to them? If so you could push down a WiFi profile with a WPA key. RADIUS could be achieved via a service account or certificates. I believe you can also use Meraki and Google auth - https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_WPA2-Enterprise_with_Google_Auth
Nov 17 2022 3:19 AM
Under Network-wide - Clients you can download the list as a CSV, but don't think it will include those who haven't connected. Setting up an open SSID and limiting it via MAC address is always going to be difficult to manage, is there a reason you are doing it this way? Are the Chromebooks not managed by policies where you could push down SSID profiles using a WPA key or RADIUS?
Nov 17 2022 2:53 AM
When you say a second network do you mean another SSID or a completely new network/site? Any clients added are site specific, so you would need to re-add for each site.
Jan 19 2022 2:26 AM
We are seeing some similar random failures on some APs and devices recently, did Meraki say what MR software version was affected? We are running MR33s and MR28.5, upgraded a few months ago.
Nov 4 2021 2:55 AM
1 Kudo
Have you looked at this company? https://www.securew2.com/blog/azure-ad-802-1x
Nov 4 2021 2:12 AM
1 Kudo
OK, radius-as-a-service might still be able to work, or JumpCloud as someone else mentioned. I think Meraki System Manager can also generate and deploy certificates. Are they using any type of MDM currently?
Nov 4 2021 1:40 AM
I have set up certificate authentication using SCEPman (www.scepman.com) and Intune. SCEPman is an Azure Web App that can generate SCEP certificates but only if the device is registered into Intune. You can then either set up EAP-TLS on NPS or another RADIUS server, or use www.radius-as-a-service.com (same company as SCEPman) and point your Meraki SSID to them. With SCEPman there is a free trial, free version and a paid supported version. With radius-as-a-service you can get a trial, but it is something you need to pay for. If you do use your own NPS/RADIUS you need to use SCEPman user certificates as it does a lookup to local AD and cannot resolve Azure AD device ID. Hope this helps.