Secure cloud wifi for Entra/Intune devices with Mist

It’s been an incredibly long time coming but at last I have a working proof of concept for an end-to-end entirely cloud-based enterprise wireless network.

March 18, 2024 · 8 min · 1502 words · Chris Beattie

Combining user and device certificates for wifi authentication in Intune

Modern security and wifi standards say we have to move to certificates but that’s a tall order for many, particularly if we need to replicate the user-level identification of a humble password.

February 12, 2024 · 7 min · 1444 words · Chris Beattie

NPS RADIUS with AADJ – Part 2

Updating the old ghost computer account sync script to get NPS working with Azure AD / Entra-joined devices again, but it’s a last gasp.

November 8, 2023 · 6 min · 1070 words · Chris Beattie

Microsoft Connected Cache (standalone) private preview

I’ve put this post together as an update for a number of schools who have asked me how we’re going on our Private Preview of MCC and will try to keep it generally updated on our progress. I’ll start with a bit of background though, for anyone new to this. You had me at DOINC: The best product acronym Microsoft ever devised was DOINC, for the Delivery Optimisation In-Network Cache. This was a service that would store local copies of Windows and Office apps and updates so that client devices could access a fast, consistently-connected local copy rather than downloading from peers or over the Internet....

February 2, 2023 · 7 min · 1403 words · Chris Beattie

KB5014754 Certificate Confuddle

In a masterful stroke of irony, within days of me sharing my solution for NPS RADIUS with AADJ devices, itself made necessary because Microsoft doesn’t consider the needs of their cloud-first customers, they made a major change to how certificates work in Active Directory in KB5014754 without considering the needs of their cloud-first customers. This change breaks the mechanism my solution relies on to operate and while there is a workaround, it is only viable until the change kicks in....

June 9, 2022 · 6 min · 1076 words · Chris Beattie

Microsoft NPS RADIUS for AADJ devices

Microsoft’s Network Policy Server (NPS) has been running network authentication in the enterprise for decades but is now out of the loop when it comes to a modern cloud-first infrastructure. Using an inventive approach, I show that it is possible to overcome its recalcitrance and get it authenticating Azure AD-joined (AADJ) as well as on-prem AD clients. This is the long-form writeup of the project I presented at Microsoft’s Australia-wide Surface Gold & Lighthouse Virtual Event in May 2022....

April 29, 2022 · 14 min · 2827 words · Chris Beattie

The case of the red-handed router

These days it’s very common to have a single hardware device on the network acting as firewall / gateway / router / proxy / content filter; great for providing a high degree of security while saving cost. Some providers even offer the boon of a managed automatic update to these devices, which sounds great - I mean, why wouldn’t you want to be automatically patched against a vulnerability as soon as there’s a fix or take advantage of new features as soon as they’re available?...

July 19, 2013 · 5 min · 1054 words · Chris Beattie