EAP-TLS or EAP-TEAP with certificate authentication must be utilized as the authentication method, as EAP-PEAP with MSCHAPv2 is based on NTLM, and the old protocols associated with NTLM are deprecated in Entra ID.
The guides are available in the Networking support portal, https://networkingsupport.hpe.com/globalsearch#q=intune&tab=Documents
The certificates must include either the Intune ID (for computer certificates) or Entra ID (for user certificates) in the SAN field of the certificate. If you are only using machine certificates, you can't do any Entra ID lookups.
In the role mapping policy you can utilize the group attribute returned from Entra ID and create similar role mappings as you have today based on your Active Directory groups.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jan 08, 2026 04:08 AM
From: walterng
Subject: Planning using ClearPass integration with EntraID and Intune
We are using on-prem AD for the authorization with ClearPass.
We are planning to migrate to Entra ID and Intune to access the Wi-Fi with ClearPass.
But we could only find a very old guideline/video for this.
Can anyone provide more information or guidelines to us?
- Is using EAP-TLS with an Intune certificate necessary if we want to use Entra ID for authorization?
- In our environment, users access different VLANs by user group on the same SSID. How do we set up the enforcement policy to achieve the same result?
-------------------------------------------