If you ever tried to deploy a W-Fi Profile that is secured by WPA3 Enterprise to Windows Clients in Intune, you probably noticed, that this is not possible using the built-in Wi-Fi Template. Don’t worry, the solution is really simple, you can configure the Wi-Fi Profile on a Client, export it and then deploy it via Custom OMA-URI Policy.
Built-in Wi-Fi Template
If you ever configured a Wi-Fi Profile in Intune, you most likely saw, that you can’t select WPA2 vs. WPA3. The only option is Basic vs. Enterprise:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-161139.png)
If you export the resulting profile from an endpoint, you will see it automatically creates it for WPA2:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-170216-1024x263.png)
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-165929.png)
Create a WPA3 Enterprise Profile
To create a WPA3 Enterprise Wi-Fi Profile, we can simply create it manually from within Windows:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-170410-1024x574.png)
Enter the SSID and select WPA3 Enterprise:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-170453.png)
At the last screen of the wizard, you have to modify the freshly created profile to match your configuration needs, like switch to EAP-TLS and modify the certificate selection properties.
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-170615-1024x586.png)
Once the Profile is created and working, we just have to export it with the following command: (Replace the Profile Name with your selected SSID)
netsh wlan export profile <ProfileName>
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-170654-1024x246.png)
Intune Configuration Profile
Lastly, we just have to create a Custom OMA-URI Configuration Profile in Intune. Use the following OMA-URI and change <SSID> with your SSID:
./Vendor/MSFT/WiFi/Profile/<SSID>/WlanXml
Let’s start with a new blank Custom profile:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-172846.png)
Give it a Name:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-172919.png)
Add a new Row with the OMA-URI from above and the Data type of “String (XML file) and upload the exported profile from the client:
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-173212-1024x549.png)
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-173230.png)
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-173311-1024x586.png)
After the usual stuff, like add Scope Tags and Assignment, we can review our settings and create the Profile.
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-173336.png)
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-174423.png)
![](https://mikemdm.de/wp-content/uploads/2024/02/Screenshot-2024-02-18-171109.png)
Conclusion
While it is unfortunately not yet possible to create a WPA3 Enterprise encrypted Wi-Fi Profile in Intune directly, you fortunately create and deploy it pretty easily with the Custom OMA-URI Profile type in Intune.
Leave a Reply