Ensuring Seamless Wi-Fi Connectivity Before User Sign-In on Windows Devices with Microsoft Intune
When managing shared devices, remote access scenarios, or kiosk setups, ensuring reliable network connectivity before a user signs in is crucial. Microsoft Intune offers the tools you need to deploy Wi-Fi profiles that allow machine (device) authentication and automatic reconnection, so your device is network-ready right from the sign-in screen.
Why Is This Important?
In traditional environments, Wi-Fi connectivity is often tied to the user profile. This can lead to problems when remote access or user switching happens before a network connection is established. Imagine trying to remotely sign in to a Windows 11 device, only to find that the Wi-Fi drops when another user logs in. If the Wi-Fi connection is not set up for machine authentication, the device may fail to connect to the network at the sign-in screen, causing frustration and delays.
By configuring Wi-Fi profiles via Intune that support machine-based authentication and automatic reconnection, you can ensure that the network is available as soon as the device boots up, well before a user logs in. This can prevent connectivity issues during remote sign-ins or off-hours maintenance.
Key Settings for Wi-Fi Profiles in Intune
When creating a Wi-Fi configuration profile in Microsoft Intune, there are several critical settings that you need to configure to ensure seamless connectivity. Let’s break them down:
- Platform: Windows 10 and later (this applies to Windows 11 devices as well).
- Profile Type: Choose Wi-Fi for the profile type.
- Authentication Mode:
  - Machine: This setting allows the device (computer) to authenticate to the Wi-Fi network without needing a user to log in.
  - User: Wi-Fi authentication is handled after the user logs in.
  - User or Machine: A fallback setting. If no user is signed in, the device will authenticate to the network using machine credentials.
- Connect Automatically When In Range: Enable this setting so the device will automatically attempt to connect to the Wi-Fi network when it’s in range, without requiring manual intervention from the user.
- Single Sign-On (SSO): Enable the “Enable before user signs into device” option if available. This ensures that Wi-Fi network authentication takes place before the user logon process begins.
If you’re using enterprise-grade Wi-Fi (802.1x / EAP-TLS), you should also deploy certificate profiles (trusted root CA, and optionally SCEP or PKCS client certificates) in advance and reference these certificates in your Wi-Fi configuration profile.
How to Set It Up in Intune
Let’s walk through the process of configuring a Wi-Fi profile in Intune that ensures the device connects to the network even before the user logs in:
- Prepare Your PKI Infrastructure: Make sure your root CA certificate is deployed via a Trusted Certificate Profile in Intune, so the device can authenticate to your Wi-Fi network using machine-based authentication.
- Create and Deploy a SCEP or PKCS Certificate Profile: Target devices (not just users) with this certificate profile. This certificate will allow the device to authenticate to Wi-Fi without the need for a user to sign in.
- Create the Wi-Fi Profile:
  - Navigate to Devices → Configuration Profiles → Create → Windows 10 and later → Wi-Fi.
  - Configure the SSID (network name), security type (e.g., WPA2/3-Enterprise), and ensure the Connect automatically option is checked.
  - Set the Authentication Mode to Machine or User or Machine.
  - Under Single Sign-On (SSO) settings, select Enable before user signs into device to allow Wi-Fi authentication before the user logon.
  - If using certificates, configure EAP-TLS and link it to the certificate profile you’ve created.
- Assign the Profile to Devices: Ensure the profile is assigned to device groups rather than just user groups. This will ensure the profile is applied regardless of which user is logged in.
- Test the Profile: Reboot a test device. At the Windows sign-in screen, check the Wi-Fi icon in the system tray. If everything is set up correctly, the device should show as connected even before you log in.
- Remote Sign-In: With Wi-Fi already connected, remote sign-ins (such as RDP or Quick Assist) can proceed without any network issues.
- Monitor the Deployment: Use Event Viewer → Applications and Services Logs → Microsoft → Windows → DeviceManagement-Enterprise-Diagnostic-Provider/Admin to verify the successful application of the Wi-Fi profile.
Troubleshooting Common Issues
Here are a few tips to help you troubleshoot if Wi-Fi isn’t connecting as expected before user logon:
- Wi-Fi Not Connecting Before Login? Ensure that the Wi-Fi profile is set to apply to All Users and not just the user who created it. If the profile is user-specific, it may not apply during the sign-in screen.
- Check the Wi-Fi Profile Application: Verify that the Wi-Fi profile is applied to the device, not just to the user. If it’s only user-based, machine authentication won’t occur until a user is logged in.
- Certificate Validation: If you’re using machine-based authentication, ensure that the certificate chain is valid and deployed correctly on the device. If the certificate profile isn’t correctly applied, Wi-Fi connectivity will fail.
- Conflicting Security Settings: Some advanced security settings (such as Credential Guard or Device Guard) might interfere with machine-based Wi-Fi authentication. If you’re running into issues, consider temporarily disabling these settings to test connectivity.
- Hidden SSID Networks: If you’re connecting to a network with a hidden SSID, make sure the Wi-Fi profile includes the setting to connect even when the SSID is not broadcasting.
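To check these points on a test device, you can audit the WLAN profile XML that Windows stores for the network and look for a usable machine certificate. The PowerShell below is an added example, not code from the original article or from Microsoft. The function names and the sample XML are constructed for illustration, and the sample is deliberately misconfigured (user-only authentication, post-logon SSO) so the findings are visible.

```powershell
# Constructed sample, trimmed (no EAPConfig). On a device, export the real profile with:
#   netsh wlan export profile name="<SSID>" folder=<dir>
$sampleXml = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Example-Corp</name>
  <SSIDConfig><SSID><name>Example-Corp</name></SSID><nonBroadcast>true</nonBroadcast></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
      <singleSignOn><type>postLogon</type></singleSignOn>
    </OneX>
  </security></MSM>
</WLANProfile>
'@

# Hypothetical helper: first matching element's text, or $null if absent.
function Get-XmlValue([xml]$Doc, [string]$XPath) {
    $node = $Doc.SelectSingleNode($XPath)
    if ($node) { $node.InnerText.Trim() }
}

# Hypothetical audit of the three settings that decide pre-logon connectivity.
# local-name() avoids registering the WLAN and OneX XML namespaces.
function Test-PreLogonWlanProfile([xml]$WlanXml) {
    $mode = Get-XmlValue $WlanXml "//*[local-name()='connectionMode']"
    $auth = Get-XmlValue $WlanXml "//*[local-name()='OneX']/*[local-name()='authMode']"
    $sso  = Get-XmlValue $WlanXml "//*[local-name()='singleSignOn']/*[local-name()='type']"
    $findings = @()
    if ($mode -ne 'auto') { $findings += "connectionMode='$mode' (want auto)" }
    if ($auth -notin 'machine', 'machineOrUser') { $findings += "authMode='$auth' (want machine or machineOrUser)" }
    if ($sso -ne 'preLogon') { $findings += "singleSignOn type='$sso' (want preLogon)" }
    [pscustomobject]@{ PreLogonReady = ($findings.Count -eq 0); Findings = $findings }
}

# Machine certificates usable for EAP-TLS: unexpired, private key present,
# Client Authentication EKU (1.3.6.1.5.5.7.3.2). Certificates without any EKU are not listed.
function Get-MachineClientAuthCert {
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2'
    }
}

Test-PreLogonWlanProfile ([xml]$sampleXml) | Format-List
```

On the sample, `PreLogonReady` is `False` with two findings (authMode and singleSignOn type). An empty result from `Get-MachineClientAuthCert` on a real device means the SCEP or PKCS device certificate has not arrived or is not valid for client authentication.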
Conclusion
By configuring device-based Wi-Fi profiles in Intune, you ensure that the device has network access as soon as it boots up, before a user signs in. This eliminates common issues related to network disconnections during remote sign-ins or off-hours maintenance. With the right Intune configuration, Wi-Fi connectivity will be seamless and available, allowing for a smooth user experience and eliminating interruptions during critical sign-in processes.
