Enable 802.1x wired authentication, Lanprofile policy element – Microsoft Surface Hub 2 SmCamera User Manual

Enable 802.1x wired authentication

Article • 03/16/2023 • Applies to: Surface Hub, Surface Hub 2S

The

November 14, 2017 update to Windows 10

(build 15063.726) enabled 802.1x

wired authentication policy configuration on Surface Hub devices. The feature allows
organizations to enforce standardized wired network authentication using the

IEEE

802.1x authentication protocol

. This was already available for wireless authentication

using

WLAN profiles

via MDM or provisioning package. This topic explains how to

configure a Surface Hub for use with wired authentication.

Enforcement and enablement of 802.1x wired authentication on Surface Hub can be
done through MDM

OMA-URI profiles

or provisioning package.

The primary configuration to set is the

LanProfile

policy. Depending on the

authentication method selected, other policies may be required, either the

EapUserData

policy or through MDM policies for adding user or machine certificates (such as

ClientCertificateInstall

for user/device certificates or

RootCATrustedCertificates

for device

certificates).

To configure Surface Hub to use one of the supported 802.1x authentication methods,
utilize the following OMA-URI.

This OMA-URI node takes a text string of XML as a parameter. The XML provided as a
parameter should conform to the

Wired LAN Profile Schema

including elements from

the

802.1X schema

.

In most instances, an administrator or user can export the LanProfile XML from an
existing PC that is already configured on the network for 802.1X using this following
NETSH command.

LanProfile policy element

./Vendor/MSFT/SurfaceHub/Dot3/LanProfile

netsh lan export profile folder=.