
(144) Microsoft Intune - Setting Network to Domain Authenticated

  • Writer: Mr B SOE way
  • Sep 11, 2024

I have been working with a customer who had issues sorting out their network, as it always displays as a 'Public Network' when in fact it should be a 'Private Network' or 'Domain Network'.


Microsoft have released a new configuration that makes Windows Firewall aware of the location of the device. The idea is to let Windows check whether it is on a domain-connected network based on the accessibility of one or more URLs. If one of them is available, Windows will switch the Windows Firewall profile to domain. When none of the URLs are available, Windows will rely on the public profile.

Steps 

1. Navigate to the Microsoft Intune portal, select Devices, then select By platform: Windows, then select Configuration profiles.
2. Select Create, then select New Policy, then select By platform: Windows 10 and later and Profile type: Settings Catalog, then select Create.
3. In the search box, search for Network List Manager and configure the following settings:

Setting: Allowed Tls Authentication Endpoints
Description: This policy setting controls the list of URLs to endpoints that are only accessible within the corporate network. Multiple URLs can be separated by using the Unicode character 0xF000. When any of the URLs can be resolved over HTTPS, the network will be considered authenticated.

Setting: Configured Tls Authentication Network Name
Description: This policy setting controls the string that is to be used to name the authenticated network. That network is authenticated against one of the endpoints that are listed in the AllowedTlsAuthenticationEndpoints setting.

Note: With 'TLS Authentication Endpoint', the URL must not have any authentication checks (example: no login or MFA), the URL must be an internal address (not accessible outside the corporate network), the client device must trust the server certificate (trusted root certificate), and the certificate shouldn't be a public certificate.

After the policy has been applied to the device, restart the device, then run the following command in PowerShell: Get-NetConnectionProfile. You will see this result.
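To check the configuration from a device, the following PowerShell is an added example, not part of the original post or any Microsoft tooling: it builds the 0xF000-separated endpoint value, probes each URL against the conditions in the Note, and compares the outcome with Get-NetConnectionProfile. The URLs and network name are constructed placeholders, and the web request only approximates the check Windows itself performs.

```powershell
# Added example. Endpoint URLs and network name are constructed placeholders.
$Endpoints   = @('https://nla01.corp.example/', 'https://nla02.corp.example/')
$NetworkName = 'Corp-Authenticated'

# 1. Validate the URLs and join them with U+F000, the separator the
#    Allowed Tls Authentication Endpoints description calls for.
foreach ($u in $Endpoints) {
    $uri = $null
    $parsed = [uri]::TryCreate($u, [System.UriKind]::Absolute, [ref]$uri)
    if (-not $parsed -or $uri.Scheme -ne 'https') {
        throw "Not an absolute https URL: $u"
    }
}
$PolicyValue = $Endpoints -join [char]0xF000
"Policy value: {0} URLs, {1} characters" -f $Endpoints.Count, $PolicyValue.Length

# 2. Approximate the Note's requirements from this device: the request must
#    succeed without credentials, without a redirect (for example to a login
#    page), and with a certificate chain this device already trusts.
$Probe = foreach ($u in $Endpoints) {
    try {
        $r = Invoke-WebRequest -Uri $u -UseBasicParsing -MaximumRedirection 0 `
                               -TimeoutSec 5 -ErrorAction Stop
        $code = [int]$r.StatusCode
        [pscustomobject]@{ Url = $u; Ok = ($code -lt 300); Detail = "HTTP $code" }
    } catch {
        # Covers DNS/connect failure, untrusted certificate, 401/403, redirects.
        [pscustomobject]@{ Url = $u; Ok = $false; Detail = $_.Exception.Message }
    }
}
$Probe | Format-Table -AutoSize -Wrap

# 3. Compare with what Windows decided for each connection.
$Profiles = @(Get-NetConnectionProfile)
$Profiles | Format-Table Name, InterfaceAlias, NetworkCategory -AutoSize

$reachable = @($Probe | Where-Object Ok).Count -gt 0
$tlsAuthed = @($Profiles | Where-Object {
    $_.NetworkCategory -eq 'DomainAuthenticated' -and $_.Name -eq $NetworkName
}).Count -gt 0

if ($reachable -and -not $tlsAuthed) {
    Write-Warning 'An endpoint answers, but no profile is DomainAuthenticated under the configured name. Check policy delivery and that the device has restarted.'
} elseif (-not $reachable -and $tlsAuthed) {
    Write-Warning 'A profile is DomainAuthenticated, but this probe reached no endpoint. Check proxy settings for this session.'
} else {
    "Consistent: endpoint reachable = $reachable, TLS-authenticated profile = $tlsAuthed"
}
```

Run it once on the corporate network and once off it; off-network, every probe should fail and no profile should carry the configured name.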


 
 
 
