Deploy a Wi-Fi configuration profile using PowerShell and MS Graph


One of the great benefits of using PowerShell and Microsoft Graph is the flexibility it introduces when quickly updating your Intune tenant. In this blog I'm going to show how to use both of these to configure a Wi-Fi configuration profile for your Windows 10 and later devices. If you want to learn the basics and full capability of MS Graph, take a look at the Microsoft Learn module "What is Microsoft Graph? – Training | Microsoft Learn". Note that Wi-Fi profiles can also be configured specifically for iOS, macOS and Android devices.

So on to Wi-Fi profiles within Intune. Wi-Fi is a wireless network used by mobile devices to gain network access. Microsoft Intune includes built-in Wi-Fi settings that can be deployed to users and devices in your organization. This scenario could be useful to your company when making Wi-Fi available to your employees or guests, on corporate devices, personally owned devices, or both, when on company sites. All Wi-Fi network connections are identified with a specific SSID, or Service Set Identifier, so if you choose not to broadcast your SSID but still want employees to have access automatically, this could be a great option. It removes the need to publish the information, which could land in the hands of unwanted users and devices, and means employees don't need to know the password.

Steps to deployment. 
I will show two options for creating the Wi-Fi profile to use here. First using the Intune portal and a configuration template for ‘Windows 10 and later’ and then using the Graph API route to show you the comparison. 

1. Deployment using an Intune Configuration profile
So let's get into it. Log in to your Intune tenant at endpoint.microsoft.com and navigate to

Home > Devices > Device Profiles


Click the ‘Create profile’ option and progress through the pages as per below.
Choose ‘Windows 10 and Later’ and then ‘Templates’ for the Profile Type.

Picture

Below you will see a list of available configuration templates, one of which is ‘Wi-Fi’. Select this and click ‘Create’.

Picture

Next you input the details of the specific Wi-Fi connection you want to push down to your devices. These settings are important to ensure your devices can connect automatically without user interaction.
Wi-Fi type: This can be Basic, Enterprise or Not configured. In this blog I'm only showing the Basic mode, but if you choose Enterprise you have additional configuration options, including authentication and SSO choices.
Wi-Fi name (SSID): The SSID is the unique network name used to identify the network you are connecting to.
Connection name: This is the end-user-friendly name. The text you enter is the name users see when they browse the available connections on their device.
Connect automatically when in range: When Yes, devices connect automatically when they’re in range of this network. When No, devices don’t automatically connect.
Connect to more preferred network if available: Only set this to Yes if this is your preferred network connection available.
Connect to this network even when it is not broadcasting its SSID: Select Yes to automatically connect to your network even when the network is hidden, meaning its service set identifier (SSID) isn’t broadcast publicly.
Wireless Security Type: The security protocol used to authenticate devices on your network. Your options are:

  • Open (no authentication): Only use this option if the network is unsecured.
  • WPA/WPA2-Personal: A more secure option, and is commonly used for Wi-Fi connectivity. For more security, you can also enter a pre-shared key password or network key.

Pre-shared Key: Optional. Shown when you choose WPA/WPA2-Personal as the security type. When your organization’s network is set up or configured, a password or network key is also configured. Enter this password or network key for the PSK value. Enter an ASCII string that is 8-63 characters long or use 64 hexadecimal characters.
Company proxy settings: Select to use the proxy settings within your organization. The choices are:

  • None: No proxy settings are configured.
  • Manually configure: Enter the proxy IP address and port number.
  • Automatically configure: Point to the URL of your proxy autoconfiguration (PAC) script. For example, enter http://proxy.contoso.com/proxy.pac.


Once configured, hit the Next button to assign the profile to the device group or groups you want to deploy to, then create the policy. And that's it. Intune will push the policy down to the selected device group at the next device check-in, and it will be made available to your Windows 10/11 devices as shown in the Wi-Fi settings below. Here you will see the connection matches the Connection name above, ‘BuildingAwifi’.

Picture

2. Deployment using the Graph API

So the first thing you will need to do is register with the Graph API. You will also need to use a global admin account to connect and make updates to your tenant. As part of this method I am using two key PowerShell modules:
  • IntuneBackupAndRestore (find more details here: GitHub – jseerden/IntuneBackupAndRestore: PowerShell Module that queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration.)
  • You will also require the Microsoft.Graph.Intune PowerShell module.

The basis of this approach is that you make use of a Wi-Fi configuration profile exported into a JSON file. This can be achieved using the IntuneBackupAndRestore module written by John Seerden to take a backup of your profiles. This is a great thing to build into your backup schedules and will help with your Intune automation. Take a look at his GitHub to find out how this can be achieved.
Once you have your configuration profile backed up into JSON as shown below you can go ahead and modify this to match your Wi-Fi requirements. Remember the key details are SSID / Connection Name and Pre-shared key if there is one.  

Picture

The next step is to run PowerShell ISE as an administrator and run the commands as described below in the screenshots.
I have broken the running of commands down to explain the various steps here. The first four lines will install the AD module onto your computer, install the MSGraph functions and install the IntuneBackupAndRestore module, as highlighted. Select these lines and run them using the ‘Run Selection’ button. As they install you will be prompted to trust the install. Selecting ‘Yes to all’ means you do not receive multiple prompts.

Picture

The next highlighted lines will set your execution level so that you have enough permissions when running the modules, import the MS Graph functions needed to connect and execute the changes to your specific Azure tenant, and then prompt you to sign in to Azure as the Global administrator. Again, select these lines only and click the ‘Run Selection’ button.

Picture

After completing these successfully you now have a connection to your tenant to import the Wi-Fi profile using the JSON file. You achieve this by selecting and running the last PowerShell command as highlighted below. It's worth noting that you will need to ensure you only have the JSON files you want to import in the specified folder, as indicated by the path in the command. Please change this as required for your implementation.

Picture
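
Before running the import, the edited JSON can be checked against the constraints described above: only Wi-Fi profiles in the folder, and a pre-shared key of 8-63 ASCII characters or 64 hexadecimal characters for WPA/WPA2-Personal. This is an added example, not part of the original post or of the IntuneBackupAndRestore module. The function name Test-WifiProfileJson is hypothetical, the property names (ssid, networkName, wifiSecurityType, preSharedKey) are assumed to follow the Microsoft Graph windowsWifiConfiguration resource, and the sample JSON is constructed.

```powershell
# Added example: pre-import check for an edited Wi-Fi profile JSON file.
# Assumption: property names follow the Graph windowsWifiConfiguration resource.
function Test-WifiProfileJson {
    param([Parameter(Mandatory)][string]$Json, [string]$Name = '(inline)')
    $p = $Json | ConvertFrom-Json
    $issues = @()
    if ($p.'@odata.type' -ne '#microsoft.graph.windowsWifiConfiguration') {
        $issues += "not a Windows Wi-Fi profile: '$($p.'@odata.type')'"
    }
    # 802.11 limits an SSID to 32 bytes
    $ssidBytes = [Text.Encoding]::UTF8.GetByteCount([string]$p.ssid)
    if ($ssidBytes -lt 1 -or $ssidBytes -gt 32) {
        $issues += "ssid must be 1-32 bytes, got $ssidBytes"
    }
    if ([string]::IsNullOrWhiteSpace($p.networkName)) {
        $issues += 'networkName (the connection name users see) is empty'
    }
    $psk = [string]$p.preSharedKey
    switch -Regex ([string]$p.wifiSecurityType) {
        '^open$' {
            $issues += 'wifiSecurityType is open (no authentication)'
            if ($psk) { $issues += 'preSharedKey is set on an open network' }
        }
        '^wpa2?Personal$' {
            # The key is optional; when present it must be 8-63 printable
            # ASCII characters or exactly 64 hexadecimal digits.
            $ascii = $psk -cmatch '^[\x20-\x7E]{8,63}$'
            $hex   = $psk -cmatch '^[0-9A-Fa-f]{64}$'
            if ($psk -and -not ($ascii -or $hex)) {
                $issues += 'preSharedKey is not 8-63 ASCII chars or 64 hex digits'
            }
        }
    }
    [pscustomobject]@{ File = $Name; Ok = ($issues.Count -eq 0); Issues = $issues }
}

# Constructed sample: the key is too short, so the profile is rejected.
$sample = @'
{
  "@odata.type": "#microsoft.graph.windowsWifiConfiguration",
  "ssid": "ExampleSSID",
  "networkName": "Example connection",
  "wifiSecurityType": "wpa2Personal",
  "preSharedKey": "short"
}
'@
Test-WifiProfileJson -Json $sample -Name 'sample.json' | Format-List
```

To check a whole import folder, pass each file's content (read with Get-Content -Raw) through the function and run the import only when every result has Ok set to True.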

To show you have completed this successfully, you will first see confirmation within PowerShell ISE as shown below. The last step is to confirm the profile has been imported within your Intune tenant and then open the profile to assign it to the required device groups.

Picture

This confirms the profile exists within Intune.

Picture

Confirmation that the profile has been pushed to your Windows device/s, as shown within the network settings of the machine.

Picture

Thanks for reading and hope this helps you move towards some automation. It is worth mentioning that creating an initial export of your configuration files can be key, as once created they can be easily modified and reused multiple times, especially if you need to make changes or create more than one Wi-Fi profile.
