Os seguintes fornece a solução para a instalação híbrida do Intune. Infelizmente, ele não pôde ser implementado para a implantação do Intune baseada na nuvem. Então, acabei criando a configuração OMA-URI para dispositivos Android com base nas informações do blog (graças a Scott Breen para o seu post no blog).
Importante: substitua os valores a seguir na configuração OMA-URI
-
Corporate WiFi: deve ser o nome do seu nome SSID do WiFi -
1234567890ABCDEF: deve ser hexadecimal do seu nome SSID WiFi ( hex caso exato do nome SSID) -
00 11 22 33 44 55 66 77 88 99 00 AA BB CC DD EE FF 00 11 22: hash SHA-1 do certificado da CA raiz
Configuração do OMA-URI
Nome da configuração: Corporate WiFi (substitua isso pelo seu SSID)
Tipo de data: String
OMA-URI (sensível a maiúsculas e minúsculas): ./Vendor/MSFT/WiFi/Profile/Corporate WiFi/Settings (substitua Corporate WiFi pelo seu SSID)
Valor: (substitua os valores mencionados anteriormente)
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>Corporate WiFi</name>
<SSIDConfig>
<SSID>
<hex>1234567890ABCDEF</hex>
<name>Corporate WiFi</name>
</SSID>
</SSIDConfig>
<connectionType>ESS</connectionType>
<connectionMode>auto</connectionMode>
<MSM>
<security>
<authEncryption>
<authentication>WPA2</authentication>
<encryption>AES</encryption>
<useOneX>true</useOneX>
<FIPSMode xmlns="http://www.microsoft.com/networking/WLAN/profile/v2">false</FIPSMode>
</authEncryption>
<PMKCacheMode>disabled</PMKCacheMode>
<preAuthMode>disabled</preAuthMode>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
<cacheUserData>false</cacheUserData>
<authMode>User</authMode>
<EAPConfig>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<EapMethod>
<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
</EapMethod>
<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
<Type>13</Type>
<EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
<CredentialsSource>
<CertificateStore>
<SimpleCertSelection>true</SimpleCertSelection>
</CertificateStore>
</CredentialsSource>
<ServerValidation>
<DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
<ServerNames></ServerNames>
<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 00 AA BB CC DD EE FF 00 11 22 </TrustedRootCA>
</ServerValidation>
<DifferentUsername>false</DifferentUsername>
<PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
<AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName>
<TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
<FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3">
<CAHashList Enabled="true">
<IssuerHash>00 11 22 33 44 55 66 77 88 99 00 AA BB CC DD EE FF 00 11 22 </IssuerHash>
</CAHashList>
<EKUMapping>
<EKUMap>
<EKUName>Encrypting File System</EKUName>
<EKUOID>1.3.6.1.4.1.311.10.3.4</EKUOID>
</EKUMap>
<EKUMap>
<EKUName>Secure Email</EKUName>
<EKUOID>1.3.6.1.5.5.7.3.4</EKUOID>
</EKUMap>
</EKUMapping>
<ClientAuthEKUList Enabled="true">
<EKUMapInList>
<EKUName>Encrypting File System</EKUName>
</EKUMapInList>
<EKUMapInList>
<EKUName>Secure Email</EKUName>
</EKUMapInList>
</ClientAuthEKUList>
</FilteringInfo>
</TLSExtensions>
</EapType>
</Eap>
</Config>
</EapHostConfig>
</EAPConfig>
</OneX>
</security>
</MSM>
</WLANProfile>