Friday, 29 May 2015

Microsoft Intune - Create WiFi profiles with pre-shared keys for Android devices

EMS Landing page

I've just tested one of the new Intune features that was added in April's service update and it works really well. You can find full details of those features here

We have now been given the ability to create WiFi profiles with pre-shared keys (PSK) for Android devices. 



Previously when we created an Android WiFi policy the only available authentication options were Certificates or Username/Password. Now we can configure a WiFi profile with pre-shared keys using Android Custom Policies. 

So how do we do that. You can find a full description in this TechNet Library article

Use Android custom policies to manage device settings with Microsoft Intune

Lets have a go at this.



In the Intune Portal navigate to Policy > Configuration Policies. Click to Add a new policy.


Open the Android templates but, instead of choosing WiFi Profile, select Android Custom Policy.


Enter a name and description for the policy. See the section for OMA-URI (Add one or more OMA-URI settings that control functionality on Android devices). Those of us that work with ConfigMgr are already familiar with this concept on Windows Phone devices.

Click on Add - now the fun starts.


What is this all about? OK we have to enter a name and description for this setting. but what about the rest. We are given some guidance in the TechNet article.


Have a look at the data types. We will be using XML so we choose "String XML". 

The OMA-URI (which is case sensitive) must be the following format:

./Vendor/MSFT/WiFi/Profile/<Wi-Fi profile>/Settings

where <Wi-Fi profile> is a unique name for the profile.

What about the value? Microsoft have given us a template in the TechNet article. However we don't need it. We can generate our own XML file.

Here's a good tip from the field:

On your laptop navigate to

%SYSTEMDRIVE%\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\{Random-GUID}.xml

where {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} corresponds to the network adapter GUID. 

For every wireless configuration, there is a separate XML file with a random GUID as its name. 


 Open them up and have a look.


Here's one of mine. Find a profile that you want to deploy and open the XML file.

See the section:

<keyMaterial>01000000D08C9DDF0115D1118C7A00C04FC297etc</keyMaterial>
            </sharedKey>


This is the encrypted shared key. All you have to do is replace between the brackets with your shared key.....


....and paste the xml into the Value window. Click OK to save the setting.


Edit 29th May 2015:  

Johnathon Biersack has created a really cool XML Generator that we can use to create the XML file.

Download and read about this tool here

This is what is looks like:

 

 End of edit.

Save the Policy (Gerry WiFi Profile).


Choose Yes to deploy the policy now......


....and deploy to your Android devices. 


In time we get notification from the Intune Company Portal on the Android device that networks have been configured for the workplace.


There it is. Gerry WiFi profile is available for use. This is very slick.



1 comment:

  1. Hi,

    Thanks for your instructions, it works well. Too well actually: the notification that Networks have been configured pops up everytime the deployment schedule is being hit. Do you have any idea how to make that go away?

    Cheers,
    Thomas

    ReplyDelete