When creating a new Wi-Fi profile for “Android Enterprise personally owned devices with a work profile” via Intune:
You don’t have the option of specify a password for your Wi-Fi network!
Instead of “Basic” you could go with “Enterprise” but that only lets you specifiy certificates.
A quick Google search takes you to the Microsoft docs that give the impression you can’t configure this via Intune. A bit more Googling takes you to some Reddit posts where people talk about OMA-URI to configure this, but you have no idea what to do. Even more Googling finally lets you piece things together.
Hopefully this blog post lets other skip all the extra Googling. :)
The OMA-URI way of creating a Wi-Fi profile is detailed in this Microsoft doc. You could follow that, as well as the example there, but I find my way to be better.
This assumes you have access to a Windows machine. If you do, create a Wi-Fi profile for the network you want your Android devices to connect to.
Fill it up with the password etc.
Then open a command prompt and export it.
1 |
netsh wlan export profile name="MyAwesomeNetwork" key=clear |
The result is an XML file.
Which looks like this (I have highlighted my network name and passphrase):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
<?xml version="1.0"?> <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> <name>MyAwesomeNetwork</name> <SSIDConfig> <SSID> <hex>4D79417765736F6D654E6574776F726B</hex> <name>MyAwesomeNetwork</name> </SSID> <nonBroadcast>true</nonBroadcast> </SSIDConfig> <connectionType>ESS</connectionType> <connectionMode>auto</connectionMode> <MSM> <security> <authEncryption> <authentication>WPA2PSK</authentication> <encryption>AES</encryption> <useOneX>false</useOneX> </authEncryption> <sharedKey> <keyType>passPhrase</keyType> <protected>false</protected> <keyMaterial>acracadabra</keyMaterial> </sharedKey> </security> </MSM> </WLANProfile> |
Now create a new configuration profile in Intune. But select a custom one.
Click Add.
Fill it thus:
The OMA-URI is of the format ./Vendor/MSFT/WiFi/Profile/SSID/Settings
. Replace SSID with the network nam like I did above.
The Data type is “String”. Not “String (XML file)”.
And copy paste the contents of the previously downloaded XML file into the Value field.
Click “Save”.
And that’s it. Continue with creating the profile as usual, and you are sorted.
You could create the XML file manually too, by following Microsoft’s example file. Bear in mind, you should convert spaces in the SSID to %20
like in the document. And all examples seem to indicate you mustn’t encrypt the passphrase, as Intune would throw a 0x87d1fde8 error for the configuration profile on the device in this case, so keep that in mind too.