Android 14 - Android Enterprise WiFi Profile Issues - Microsoft Intune
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2023 11:18 AM
With the latest Android 14 - new Microsoft Intune Android Enterprise device enrollments are not receiving the WiFi configuration profile. Android 13 and later will receive the WiFi profile and connect to the hidden SSID with no issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2023 12:12 PM
Hello @Isaac_luna,
Welcome to the Customer Community.
Just an initial thought on this, I wonder if configuring to add the domain name, as talked about in this community post, may help here?
Thanks,
Lizzie
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2023 02:53 PM
Hi @Lizzie.
Thank you for this recommendation. We have our WiFi config profile set up with the CA root and server domain names.
Isaac
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2023 10:10 AM
hello @Lizzie,
I have the same problem as Isaac.
On devices enrolled in Intune, with Android 13, update to Android 14, and it continues to work fine.
On devices with android 14, enrolling it, it fails.
in the Wifi profile we also had the Radius servers and the root CA certificate
in the settings, User certificates, we see that the WiFi certificates aren't being installed.
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2024 07:31 PM
We are having the same issue on our Samsung devices with Android 14. The same SCEP & Wi-Fi profile works fine on Android 13, but it's hit & miss on Android 14 (OneUI 6) devices 😞
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2024 05:07 AM
We have found a workaround to our Wi-Fi (EAP-TLS) issue by adding the Root CA Cert in our Samsung KME (Knox Mobile Enrolment)'s profile just to make sure the cert is deployed and trusted by the device before SCEP & Wi-Fi profile is deployed to the device. According to Microsoft, if the SCEP / Wi-Fi profile arrives before the Trusted Certs profile, the Wi-Fi (EAP-TLS) won't work until the device re-check with Intune again (next check-in is 8 hours away, and no you can't do manual sync for corporate-owned, fully managed user devices)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2024 09:40 AM
Intune doesn't offer the ability to have payload installation priority or prerequisites to install one payload before the other is attempted? It also doesn't allow for force syncs on fully managed devices? If both of those are true I'm adding them to my long list of reasons why Intune should not be used for fully managed Android devices. So many organizations fall into the trappings of Intune not realizing how ineffective it is at managing line of business devices. I can't imagine telling and end customer they'll just have to wait another 8 hours and see if it works the next time in a mission critical environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2024 04:06 AM
Hi, has anyone solved this problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2024 05:28 AM
hello,
it seems that there has been a modification by google, and there is a limit of characters in the total of the radius servers.
modify the radius servers, adding only the subdomain, this way it is working fine for us:
radius servers:
contoso.contoso2.com
cantasa.contoso2.com
replace by:
*contoso2.com
I hope it helps you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2024 02:31 AM
I was also facing this issue. Key point in my case was to add an UPN in the linked SCEP certificate - e.g. like this:
The Wi-Fi profile looks like the following. From my point of view, key points are:
- define radius server name (there might also be a character limit as mentioned by @Oski_92, to avoid issues you might just use the TLD like "contoso.com")
- select Root certificate for server validation (not the server certificate of the RADIUS itself)
- sometimes identity privacy is needed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2024 04:13 AM
* domain without subdomain (not TLD)
- restrict android personal profile in Admin discussions
- Unlinking Zero-Touch from MDM provider in Admin discussions
- Managed Google Play Android enrollment by intune.microsoft.com in Admin discussions
- Microsoft Intune bind - Something went wrong - Your account wasn't created in Admin discussions
- Microsoft azure and Android enterprise api accounts in Admin discussions