Microsoft Security | Intune | Other
Other Intune-related topics, including unsupported scenarios and platform-specific behaviors
Windows 11 24H2 - 802.1x Authentication not working for certificates generated by NDES server
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 36%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Sam Brookes
5
Reputation points
Machines in our environment that are upgraded to Windows 11 24H2 can not use certificates generated by our NDES server to authenticate using 802.1x against Cisco ISE.
No problems on Windows 11 23H2, they get the same GPO's/Intune Policies as a machine on Windows 11 24H2 would.
The NDES certificate has the certificate hardening Tag so match it to it's AD computer object, not receiving errors on the DC.
If i enroll a machine certificate for client authentication directly from AD using a template, i am able to authenticate without issues.
I don't even see attempts to use the certificate to authenticate in ISE, i only see attempts to use the Mac address, so cannot troubleshoot from there.
Network captures just show EAP failure, no information as to why.
It feels almost as if the PC isn't able to present it's NDES machine certificate for authentication, hence why I'm not seeing it in ISE
Any ideas would be massively appreciated as i'm pulling my hair out over this one, raised a ticket but just sent me links to articles i've read 53909286094 times.
Microsoft Security | Intune | Other
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 90%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pauline Mbabu 1,785 Reputation points Microsoft Employee2025-11-24T23:22:52.9666667+00:00 Hello Sam,
Thank you for reaching out. It's been sometimes since you raised the support ticket and I wanted to check and find out if you were unblocked. If not kindly share the support ticket number for further investigations.
Sign in to comment
Sign in to answer