NPS policy to distinguish requests from smartphones/tablets and computers RRS feed

  • Question

  • Hi all,

    do you have any solution to be set in the NPS policy to distinguish a request coming from a smartphone or tablet?

    my actual configuration is made by a single SSID (for both smartphones and computers) that send the request to the NPS Radius, secured by certificate authentication issued by internal CA.

    actually the only way I have found to assign a different vlan on a smartphone then a computer is only to:

    • create in AD a specific account for every smartphone, and to that user assign a memebership of a specific AD group. In the NPS, in the conditions, i have added the membership of that AD Group. I have a rule that will assign the vlan (DMZ) for smartphone/tablet if matched the condition.
    • for computers (will not match the rule above) will assign the "client" vlan

    my question is...how can i avoid to create an AD users for every single device? i would like the NPS to automatically recognize the device (by the conditions rules or any other way), and using only the user account certificate assigning the vlan for smartphone to smartphones and the vlan for clients to computers.

    I hope is clear.

    thanks in advance for any advice.


    Wednesday, August 1, 2018 1:25 PM

All replies

  • Sorry guys, i think i've solved.

    i finally chose to set the "user certificate" (issued by CA) for smartphone only, and to use the "computer certificate (issued by CA) for laptops only.



    Wednesday, August 1, 2018 1:51 PM
  • Hi,

    Thank you for sharing the solution to this issue, I learn more from your reply, and I believe partners who may visit this thread in the future will benefit from your sharing. 

    Best regards,


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, August 3, 2018 2:29 AM