
How to configure network to be Domain Authenticated in Microsoft Intune?

Overview

This knowledge base article provides step-by-step instructions on how to have Entra joined devices treat a network as domain connected, using Microsoft Intune and the Allowed TLS Authentication Endpoints setting.

If you are situated at home, your network will look like this.

Microsoft has released a new configuration that makes Windows Firewall aware of the location of the device. The idea is for Windows to check whether it is on a domain connected network based on whether one or more URLs are accessible. If they are, Windows switches the Windows Firewall profile to domain. When none of the URLs are available, Windows relies on the public profile.

Steps 

1. Navigate to Microsoft Intune portal, select Devices then select By platform: Windows then select Configuration profiles.

2. Select Create then select New Policy then select By platform: Windows 10 and later and Profile type: Settings Catalog then select Create.

3. Under Basics tab, enter the following:
Name: Set Network Profile to 'Domain'
Description: Set Network Profile to 'Domain'
Then select Next.

4. Under Configuration settings tab, select Add settings. In the search for a setting, enter in site to zone then select Search. Click on Network List Manager.


| Name | Description |
| --- | --- |
| Allowed Tls Authentication Endpoints | This policy setting controls the list of URLs to endpoints that are only accessible within the corporate network. Multiple URLs can be separated by using the unicode character 0xF000. When any of the URLs can be resolved over HTTPS, the network will be considered authenticated. |
| Configured Tls Authentication Network Name | This policy setting controls the string that is to be used to name the authenticated network. That network is authenticated against one of the endpoints that are listed in AllowedTlsAuthenticationEndpoints setting. |

For Allowed Tls Authentication Endpoints, enter the URL, for example: https://devicie.com
For Configured Tls Authentication Network Name, enter the network name, for example: Devicie Development Network

5. Under Scope tags tab, leave as default then select Next.

6. Under Assignments tab, select your assignments and choose Next.
7. Under Review + create, review the settings then select Create.

8. Open Company Portal and sync the device.
9. Restart the device, then run the following in PowerShell: Get-NetConnectionProfile
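
The following PowerShell is an added example, not part of the original article: it builds the multi-URL value for Allowed Tls Authentication Endpoints (URLs joined with the character 0xF000, as the setting description in step 4 states) and then compares the Get-NetConnectionProfile output from step 9 against a reachability probe of each endpoint. The helper function names and the corp.example hostnames are assumptions, and the probe only approximates the check Windows performs itself.

```powershell
# Added example: helper names and the corp.example hostnames are constructed placeholders.
$NetworkName = 'Devicie Development Network'   # network name entered in step 4
$Endpoints   = @(
    'https://nla-probe.corp.example',          # placeholder: must only answer inside the corporate network
    'https://intranet.corp.example'            # placeholder
)

function ConvertTo-TlsEndpointValue {
    # Build the single string to paste into Allowed Tls Authentication Endpoints.
    param([Parameter(Mandatory)][string[]]$Url)
    foreach ($u in $Url) {
        $uri = $null
        if (-not [uri]::TryCreate($u, [System.UriKind]::Absolute, [ref]$uri) -or $uri.Scheme -ne 'https') {
            throw "Not an absolute https:// URL: $u"
        }
    }
    $Url -join [char]0xF000                    # separator named in the setting description
}

function Test-HttpsEndpoint {
    param([Parameter(Mandatory)][string]$Url)
    try {
        $null = Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing -TimeoutSec 5
        return $true
    } catch {
        # An HTTP error status still means TLS connected; no response means unreachable or untrusted.
        return [bool]$_.Exception.Response
    }
}

$value = ConvertTo-TlsEndpointValue -Url $Endpoints
"Policy value: {0} URL(s), {1} characters" -f $Endpoints.Count, $value.Length

# Any reachable endpoint should put the connection in the domain category.
$reachable = @($Endpoints | Where-Object { Test-HttpsEndpoint -Url $_ })
$expected  = if ($reachable.Count -gt 0) { 'DomainAuthenticated' } else { 'not DomainAuthenticated' }

Get-NetConnectionProfile | ForEach-Object {
    [pscustomobject]@{
        InterfaceAlias  = $_.InterfaceAlias
        Name            = $_.Name
        NetworkCategory = $_.NetworkCategory
        NameMatches     = ($_.Name -eq $NetworkName)
        Expected        = $expected
    }
} | Format-Table -AutoSize
```

Run it once on the corporate network and once off it: an endpoint that still answers from outside would mark any network as authenticated, so the off-network run should show no reachable endpoints.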