Setting up and managing device configurations using Intune
Yes. Configure an Intune Wi‑Fi Enterprise profile that uses a certificate-based authentication method instead of username/password. When the device already has the client certificate, Windows will connect using that certificate without prompting the user to choose “Connect using a certificate”.
High‑level steps for Windows devices:
- Deploy a client certificate to devices
- Use an Intune SCEP or PKCS client certificate profile so each device/user receives a certificate.
- Deploy a trusted root certificate
- Deploy a trusted root certificate profile that matches the CA used by the RADIUS/NPS server.
- Create an Enterprise Wi‑Fi profile in Intune
- Wi‑Fi type: Enterprise.
- Configure Wi‑Fi name (SSID) and connection options as needed.
- Under Authentication method, select a certificate option instead of Username and Password:
- SCEP certificate – select the SCEP client certificate profile.
- PKCS certificate – select the PKCS client certificate profile and the trusted root certificate.
- Optionally configure Certificate server names and Root certificates for server validation so users are not prompted with trust dialogs.
With this configuration, Windows uses the deployed certificate automatically for 802.1X authentication, and users only need to click Connect (or the device can connect automatically) without being prompted to switch from username/password to certificate.
References: