Windows Logon and 802.11 WPA2-Enterprise using WIndows account

Rolf3 · ‎07-21-2020

We switched from WPA2-PSK to WPA2-Enterprise for our wireless clients (laptops)
Laptops connect to the wireless network using the currently logged in account.

We’ve also set-up DUO MFa for local (interactive/console) logins.
The users are send a push message when they login and have an offline code available.

When in the office, since the laptop is not connected to the wireless network until logon, users are now asked for their offline MFA code.

Is there any way to still have them get send a push notification when using the internal wireless network?

I would even prefer a bypass for MFA all together when our users are at the office.
I.e. if a client is connecting from a specific IP-range.

How have other admins set up local Windows logons combined w/ Duo MFA and wireless 802.11x networks?

Chris_Jacobsen · ‎05-31-2023

How has this not been answered yet. I am also in the planning process to migrate from PSK to Enterprise User Auth as well and am running into a similar issue where if Duo is installed on a client, the client connected to our Guest network before login, while clients without Duo installed properly display that Wifi SSO will be attempting at login, and waits on my entrerprise wifi to connect.

Not seeing how we can effectively have a new user log into a wireless client the first time, and not allow our guest lan to communicate with our AD. Which is simply not going to happen.

Does Duo being installed completely break Window’s WPA2-Enterprise SSO on the login screen?