Cloud Managed Networks

Hi all - IT Support Analyst who's very new to Aruba, at a company that's in the middle of migrating our network infrastructure from Cisco, to Aruba Central and associated hardware.

All help and answers are greatly appreciated and warmly welcomed.

My question

Within a Microsoft AD/Entra (Hybrid) environment, using Intune managed Windows (10/11) workstations and Android devices - is there any known way to automate the deployment of the Enterprise Passport Profile for each user device, including where not already installed?

And if there is a method available, how is this done, and where is the documentation that explains how to do it?

Summary

Our core problem is actually getting our users to install the Enterprise Passpoint profile, so the identity-based access control works as intended.

Whilst installing the Aruba Network Onboard Client on all workstations and mobile via Intune has been without issue; there seems to be no way to automate installation of the network profile.

The external network engineer engaged by our vendor partner has stated they know of no way to automate deployment of the profile, stating it can't be done, and it's best to have each user install the profile themselves.

We're a Non-Government social services organisation; whose user cohort is spread out over a significant area (a whole state); and having a diversity of skills that range from absolute novice, up to technically proficient and can solve most issues without calling for support as a result of followed available documentation/resources first. Our resource base and geographic spread, plus the nature of the workforce, does not permit us to visit or remote to every user and do this for them.

And it's this novice cohort however that makes up the largest proportion of our user base (>60%). Despite all the well-crafted and clear communications, backed up by instructional documentation that's simple and caters to every learning (VAK) style - they still struggle to understand they have to install the network profile to each device they use, preferably before the first time they have to use the new network.

This can lead to 10-20min+ support calls, multiple times a day during our staged migration program across our 30+ locations; from affirming the issue, getting the user on the network temporarily via MAC registration (never ideal), reboot, and connect remotely to install the profile, before removing the manual MAC registration to close the security holes.

Ideally - we'd like to just deploy the Enterprise Passpoint profile to all workstations and mobile devices managed via Intune, either using Intune or another centralised method, that has the benefits of a better user experience, whilst removing workload demand from support calls, and reducing user downtime impacts.

I've also struggled with finding the relevant documentation which explains network profile deployment (likely due to not knowing or finding the right terms or places to look for it.

I would use device manager, like Intune to get your clients configured. I'm not sure if Passpoint profiles can be provisioned through there, but WLAN and Wired network profiles including 802.1X settings and retrieval of client certificates can be realized. Unsure what exactly you would need Passpoint for, as it's not widely used outside some niche situations.

If you have device management, I'd prefer that over any manual provisioning for the reasons that you mention already. A proper setup device management will handle everything without any user interaction.

Hi all - IT Support Analyst who's very new to Aruba, at a company that's in the middle of migrating our network infrastructure from Cisco, to Aruba Central and associated hardware.

All help and answers are greatly appreciated and warmly welcomed.

My question

Within a Microsoft AD/Entra (Hybrid) environment, using Intune managed Windows (10/11) workstations and Android devices - is there any known way to automate the deployment of the Enterprise Passport Profile for each user device, including where not already installed?

And if there is a method available, how is this done, and where is the documentation that explains how to do it?

Summary

Our core problem is actually getting our users to install the Enterprise Passpoint profile, so the identity-based access control works as intended.

Whilst installing the Aruba Network Onboard Client on all workstations and mobile via Intune has been without issue; there seems to be no way to automate installation of the network profile.

The external network engineer engaged by our vendor partner has stated they know of no way to automate deployment of the profile, stating it can't be done, and it's best to have each user install the profile themselves.

We're a Non-Government social services organisation; whose user cohort is spread out over a significant area (a whole state); and having a diversity of skills that range from absolute novice, up to technically proficient and can solve most issues without calling for support as a result of followed available documentation/resources first. Our resource base and geographic spread, plus the nature of the workforce, does not permit us to visit or remote to every user and do this for them.

And it's this novice cohort however that makes up the largest proportion of our user base (>60%). Despite all the well-crafted and clear communications, backed up by instructional documentation that's simple and caters to every learning (VAK) style - they still struggle to understand they have to install the network profile to each device they use, preferably before the first time they have to use the new network.

This can lead to 10-20min+ support calls, multiple times a day during our staged migration program across our 30+ locations; from affirming the issue, getting the user on the network temporarily via MAC registration (never ideal), reboot, and connect remotely to install the profile, before removing the manual MAC registration to close the security holes.

Ideally - we'd like to just deploy the Enterprise Passpoint profile to all workstations and mobile devices managed via Intune, either using Intune or another centralised method, that has the benefits of a better user experience, whilst removing workload demand from support calls, and reducing user downtime impacts.

I've also struggled with finding the relevant documentation which explains network profile deployment (likely due to not knowing or finding the right terms or places to look for it.

I'm in a similar situation.  I sucessfully set up a WPA3-Enterprise(CNSA) SSID with Cloud Auth through Entra.  I can manually download and install the profile on my test machine.  I have made the HPE Aruba Networking Onboard app deployable through Intune.  How can I automate the onboarding process?  Can I connect Intune to Central so I can have the certs generated and pushed out to the client devices?

Thanks!

I would use device manager, like Intune to get your clients configured. I'm not sure if Passpoint profiles can be provisioned through there, but WLAN and Wired network profiles including 802.1X settings and retrieval of client certificates can be realized. Unsure what exactly you would need Passpoint for, as it's not widely used outside some niche situations.

If you have device management, I'd prefer that over any manual provisioning for the reasons that you mention already. A proper setup device management will handle everything without any user interaction.

Hi all - IT Support Analyst who's very new to Aruba, at a company that's in the middle of migrating our network infrastructure from Cisco, to Aruba Central and associated hardware.

All help and answers are greatly appreciated and warmly welcomed.

My question

Within a Microsoft AD/Entra (Hybrid) environment, using Intune managed Windows (10/11) workstations and Android devices - is there any known way to automate the deployment of the Enterprise Passport Profile for each user device, including where not already installed?

And if there is a method available, how is this done, and where is the documentation that explains how to do it?

Summary

Our core problem is actually getting our users to install the Enterprise Passpoint profile, so the identity-based access control works as intended.

Whilst installing the Aruba Network Onboard Client on all workstations and mobile via Intune has been without issue; there seems to be no way to automate installation of the network profile.

The external network engineer engaged by our vendor partner has stated they know of no way to automate deployment of the profile, stating it can't be done, and it's best to have each user install the profile themselves.

We're a Non-Government social services organisation; whose user cohort is spread out over a significant area (a whole state); and having a diversity of skills that range from absolute novice, up to technically proficient and can solve most issues without calling for support as a result of followed available documentation/resources first. Our resource base and geographic spread, plus the nature of the workforce, does not permit us to visit or remote to every user and do this for them.

And it's this novice cohort however that makes up the largest proportion of our user base (>60%). Despite all the well-crafted and clear communications, backed up by instructional documentation that's simple and caters to every learning (VAK) style - they still struggle to understand they have to install the network profile to each device they use, preferably before the first time they have to use the new network.

This can lead to 10-20min+ support calls, multiple times a day during our staged migration program across our 30+ locations; from affirming the issue, getting the user on the network temporarily via MAC registration (never ideal), reboot, and connect remotely to install the profile, before removing the manual MAC registration to close the security holes.

Ideally - we'd like to just deploy the Enterprise Passpoint profile to all workstations and mobile devices managed via Intune, either using Intune or another centralised method, that has the benefits of a better user experience, whilst removing workload demand from support calls, and reducing user downtime impacts.

I've also struggled with finding the relevant documentation which explains network profile deployment (likely due to not knowing or finding the right terms or places to look for it.