locked
NPS Conditional Wifi access for corporate iPads RRS feed

  • Question

  • Hi!

    I use NPS to allow access to corp Wifi for my domain joined laptops based on the group 'Domain Computers'.  So if the laptop is a domain member it just connects to Wifi with no username or password prompt.

    Getting a lot of requests to allow corporate owned and managed iPads to connect to this same network which I am doing using domain username and password and the MAC address of the Ipad.  We add the MAC addresses under 'Calling-Station ID' and trigger on a domain group 'IPad-Access'.  This like the laptops works well however starting to get very messy to manage and like something else I can trigger in NPS for these specific iPads other than the MAC addresses.   Installing a domain cert on each would be an option but not sure how this would be setup.

    Anyone have any thought on a better way?

    Thank you!


     


    Thursday, January 10, 2019 8:17 PM

All replies

  • Hi,

    Thanks for your question.

    Could you please tell me which way do you use for your ipad to be authorized now?

    Do you want to trigger in NPS for these specific ipads based on certificates?  I think it is better than use 'Calling-Station ID' .

    However, it use certificate, you may need to get certificate for your ipad first.  I think it will be more complex than use MAC address directly.

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, January 11, 2019 8:46 AM
  • Hi Eric

    I have an SSID called 'Company-iPADS' setup as below (which works).

    The conditional access in NPS is setup to trigger on 

    "Called Station ID" = 'Company-iPADS'

    "Windows Groups" = 'domain\ipad-users'

    "Calling Station ID" = "'00-00-00-00-00|00-00-00-00-01|00-00-00-00-02|00-00-00-00-03|etc...."

    "Client Friendly Name" = "AP1|AP2|AP3|AP4"

    Its the use of the MACs I want to avoid as they are quite awkward to manage, plus there is a limit on how many I can add.

    Again this all works but I gotta think there is a better way.


    • Edited by dazzerb Friday, January 11, 2019 11:37 AM
    Friday, January 11, 2019 11:37 AM
  • Hi,

    Thanks for your reply.

    According to my knowledge, you can try to use certificate.

    You need to apply for certificate for your ipad first.

    You can refer to this blog:

    https://blogs.technet.microsoft.com/pki/2012/02/27/connecting-ipads-to-an-enterprise-wireless-802-1x-network-using-certificates-and-network-device-enrollment-services-ndes/

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 14, 2019 8:56 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 16, 2019 8:56 AM
  • Hi,

       

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

       

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 18, 2019 8:34 AM
  • Thank you,

    We will try the setup as per https://blogs.technet.microsoft.com/pki/2012/02/27/connecting-ipads-to-an-enterprise-wireless-802-1x-network-using-certificates-and-network-device-enrollment-services-ndes/

    Will report back on if it works out. (will take a few weeks).

    Thank you!



    Friday, January 18, 2019 12:10 PM
  • Hi,

    Thanks for your reply.

    Hope it could help.

    Looking forward to your feedback.

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 21, 2019 8:23 AM
  • Hi,

       

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

       

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 25, 2019 9:15 AM