We have a secured Wi-Fi network at our company which uses Protected EAP with a Windows username and password in order to perform the 802.1X authentication to our RADIUS server. We are looking to do away with passwords. We have Windows Hello in place, but I am not seeing any group policies to allow us to authenticate to Wi-Fi using Windows Hello or a user certificate?

1 Spice up

You can definitely use certificates, as this is how most enterprises set up their Wi-Fi.

This guide should help

Cisco 9800 802.1x + EAP-TLS using Windows Server CA and NPS – How I WI-FI

3 Spice ups

We authenticate the computers, and not the users. This way a user cannot authenticate a BYOD device. This also allows devices to be on the network before a user logs on. Makes management a lot easier.

7 Spice ups

I’d look into Windows NPS using machine authentication with certs. I recently migrated our environment from Cisco ISE using PEAP to Windows NPS with EAP-TLS, and it’s been working great so far.

That makes sense, and I had thought of doing that, but was not sure if authenticating that way would comply with our security policies. I figured a user certificate would add one layer of complexity.

I know at one time we were using NPS, prior to ISE, but I think part of the reason for using ISE was for the sake of accounting and to have a unified solution that covers both wired and wireless devices as well as both dot1x and MAB devices.

There shouldn’t be a difference between authenticating against ISE or NPS. Both use RADIUS.