Create a User Level Windows WiFi Configuration Policy

Use this policy to deploy WiFi settings to enrolled Windows devices to specific user profiles on the device. This policy can push network names (SSIDs), security types (like WPA2-Personal or Enterprise), passwords, and auto-connect settings without user interaction. 

Note:

This is a user level policy that applies to a user's profile across managed devices. You can bind this policy to individual users or user groups. For policies that apply system-wide to a device and all of its users, see Get Started: Policies and Learn More section of this article.

Prerequisites

  • Target devices must be running Windows 10 version 1511 (10.0.10586) or later. This policy is supported on the following Windows editions:
    • Windows Pro
    • Windows Enterprise
    • Windows Education
    • Windows SE
    • IoT Enterprise
    • IoT Enterprise LTSC
  • For more information on device compatibility, see Agent Compatibility, System Requirements, and Impacts.

Considerations

  • No additional action is needed to activate the policy once it is applied to target devices.

Creating the Policy

To create the Wifi Configuration policy for Windows devices, do the following:

Selecting the Policy Template

  1. Log in to the JumpCloud Admin Portal.
  2. Go to Device Management > Policy Management.
  3. Click + Add New and select User Policy.
  4. On the New Policy panel, select the Windows tab.
  5. Select WiFi Configuration policy from the list, then click configure.

Configuring the Policy

In the Settings section, configure the following policy options:

  • SSID: Name of the wireless network.
    The maximum length of an SSID can be 32 characters.
    Note: Spaces within the SSID are counted as three characters each. For example, an SSID like "My Network" would use 11 characters (8 for "MyNetwork" and 3 for the space - considering space as %20).
  • Auto-Join: This option enables the device to automatically connect to the Wi-Fi network when in range.
  • Hidden Network: Enable this option to connect to a WiFi network with a hidden SSID. 
  • Security Type: Select the appropriate security protocol that matches your WiFi network's configuration. Additional options appear depending on your selection:
    • Open: Selecting this option enables any device to join the WiFi network.
    • WPA2-Personal AES: Selecting this option displays the Password field where you can enter the password (PSK) for the WiFi network.
    • WPA2-Enterprise / WPA3-Enterprise / WPA3-Personal AES: Selecting any of these options enables the following additional security options:
      • Authentication Mode: Specifies the type of credentials used for authentication:
        • Machine: The device authenticates to the network. 
        • User: The user authenticates to the network. 
        • Machine or User: Use machine or user credentials. When a user is logged on, the user's credentials are used for authentication. When no user is logged on, machine credentials are used.
      • CA Thumbprints: This is the root certificate thumbprint and it is a 20-byte SHA1 certificate hash in hexadecimal.
      • Trusted Servers: List of client trusted servers separated by semicolons.
      • Certificate Issuer: Enable this option to enter the root CA thumbprints for the certificates you want to allow on a client for authentication. When this option is selected, the following fields are displayed:
        • Certificate Issuer CA Thumbprints: Provide the Issuer CA Thumbprint, which is the root certification authority that allows client authentication.
      • Disable User Prompt for Server Validation: Enable this option to automatically trust the server certificate, which will prevent a security prompt.
      • PMK Caching: Enable this option to have the client cache the Pairwise Master Key (PMK) for the network. Caching the PMK allows for faster reconnection to the same network. When this option is selected, the following fields are displayed:
        • PMK Cache Time to Live: The lifetime of the PMK cache in minutes. Minimum 5mins and maximum 1440 mins are allowed.
        • PMK Cache Size:  Number of entries in PMK cache. Maximum 255 entries are allowed.

Applying the Policy

  • (Optional) Select the Policy Groups tab. Select one or more policy groups where you want to add this policy. 
  • Select the User Groups tab.  Select one or more user groups where you want to apply this policy. For user groups with multiple OS member types, the policy only applies when a user logs into a supported Windows device that is enrolled in MDM.
  • Or, select the Users tab. Select one or more users to whom you want to assign this policy.
  • Click Create Policy. A success message is displayed indicating the completion of policy creation.

Viewing Policy Status

  1. Select the Status tab.
  2. To see the last Result Log for a device where this policy is applied, click view.

Note:
  • If any errors occur, they're listed in Exit Status. If you have an Exit Status of 0, no errors occurred when applying or enforcing this policy.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case