Intune EAP-TTLS Windows setup

This document provides a comprehensive guide to setting up EAP-TTLS authentication for your Wi-Fi network using Microsoft Intune and Foxpass. EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) is a robust authentication method that secures network access by validating user credentials against a RADIUS server. By following these steps, you can ensure secure and efficient network access for your users, leveraging the capabilities of Intune for profile management and Foxpass for user authentication.

The steps are mentioned below:

Create Wi-Fi Profile in Intune

• Go to Devices > Manage Devices > Configuration > Create > New Policy

• Platform: Windows 10 and later.
• Profile Type: Templates and select Wi-Fi
• Click 'Create'.

• Name: Enter a name for the Wi-Fi profile (e.g., "Foxpass EAP-TTLS").
• Wi-Fi type: Enterprise
• Wi-Fi name (SSID): Enter your SSID(e.g., "Foxpass EAP-TTLS")
• Connection name: Same as your SSID.
• Authentication mode: User

• EAP type: EAP-TTLS
• Certificate server names: *.foxpass.com
• Authentication method: Username and password
• Non-EAP method (Inner identity): Unencrypted Password(PAP)

• Assign users/groups/devices according to your use case.
• Configure the applicability rules according to your use case.
• Review your profile and click 'Create'.

Enroll your device

Enroll your device to Intune. If it is already enrolled, assign the respective policy to the device.

• For Windows, search 'Access work or school' > Enroll only in device management.

• Follow the on screen instructions to enroll your device.
• Once enrolled, you will be prompted for username and password for your SSID.
• Enter your credentials.

• For successful/unsuccessful connections, you can check logs on the RADIUS logs page.