Use a Microsoft Intune custom device profile to create a Wi-Fi profile with a pre-shared key

Applies to: Intune on Azure
Looking for documentation about Intune in the classic console? Go here.

Here's how to use Intune's custom device profiles to create a Wi-Fi profile with a pre-shared key. This topic also has an example of how to create an EAP-based Wi-Fi profile.

Note
  • You might find it easier to copy the code from a computer that connects to that network, as described below.
  • For Android, you also have the option of using this Android PSK Generator provided by Johnathon Biersack.
  • You can add multiple networks and keys by adding more OMA-URI settings.
  • For iOS, use Apple Configurator on a Mac station to set up the profile. Alternatively, use this iOS PSK Mobile Config Generator provided by Johnathon Biersack.

  1. To create a Wi-Fi profile with a pre-shared key for Android or Windows, or an EAP-based Wi-Fi profile, choose Custom for that device platform (rather than a Wi-Fi profile) when you create the device profile.

  2. Provide a name and description.

  3. Add a new OMA-URI setting:

    a. Enter a name for this Wi-Fi network setting.

    b. Enter a description of the OMA-URI setting or leave blank.

    c. Data Type: Set to String.

    d. OMA-URI:

    • For Android: ./Vendor/MSFT/WiFi/Profile/<SSID>/Settings
    • For Windows: ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml
    Note

    Be sure to include the dot character at the beginning.

    SSID is the SSID for which you're creating the policy. For example, ./Vendor/MSFT/WiFi/Profile/Hotspot-1/Settings

    e. Value Field is where you paste your XML code. Here's an example. Each value should be adapted to your network settings. See the comments section of the code for some pointers.

  4. Choose OK, save, and then assign the policy.

    Note

    This policy can only be assigned to user groups.

The next time each device checks in, the policy will be applied, and a Wi-Fi profile will be created on the device. The device will be able to connect to the network automatically.

Android or Windows Wi-Fi profile

Here's an example of the XML code for an Android or Windows Wi-Fi profile:

Important

<protected>false</protected> must be set to false, as true could cause the device to expect an encrypted password and then try to decrypt it, which may result in a failed connection.

<hex>53534944</hex> should be set to the hexadecimal value of <name><SSID of wifi profile></name>. Windows 10 devices may return a false 0x87D1FDE8 Remediation failed error, but will still be provisioned with the profile.

<!--
<Name of wifi profile> = Name of profile
<SSID of wifi profile> = Plain text of SSID. Does not need to be escaped, could be <name>Your Company's Network</name>
<nonBroadcast><true/false></nonBroadcast>
<Type of authentication> = Type of authentication used by the network, such as WPA2PSK.
<Type of encryption> = Type of encryption used by the network
<protected>false</protected> do not change this value, as true could cause device to expect an encrypted password and then try to decrypt it, which may result in a failed connection.
<password> = Password to connect to the network
<hex>53534944</hex> should be set to the hexadecimal value of <name><SSID of wifi profile></name>
-->
<WLANProfile
xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name><Name of wifi profile></name>
  <SSIDConfig>
    <SSID>
      <hex>53534944</hex>
      <name><SSID of wifi profile></name>
    </SSID>
    <nonBroadcast>false</nonBroadcast>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <autoSwitch>false</autoSwitch>
  <MSM>
    <security>
      <authEncryption>
        <authentication><Type of authentication></authentication>
        <encryption><Type of encryption></encryption>
        <useOneX>false</useOneX>
      </authEncryption>
      <sharedKey>
        <keyType>networkKey</keyType>
        <protected>false</protected>
        <keyMaterial>MyPassword</keyMaterial>
      </sharedKey>
      <keyIndex>0</keyIndex>
    </security>
  </MSM>
</WLANProfile>

EAP-based Wi-Fi profile

Here's an example of the XML code for an EAP-based Wi-Fi profile:

    <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
      <name>testcert</name>
      <SSIDConfig>
        <SSID>
          <hex>7465737463657274</hex>
          <name>testcert</name>
        </SSID>
        <nonBroadcast>true</nonBroadcast>
      </SSIDConfig>
      <connectionType>ESS</connectionType>
      <connectionMode>auto</connectionMode>
      <autoSwitch>false</autoSwitch>
      <MSM>
        <security>
          <authEncryption>
            <authentication>WPA2</authentication>
            <encryption>AES</encryption>
            <useOneX>true</useOneX>
            <FIPSMode xmlns="http://www.microsoft.com/networking/WLAN/profile/v2">false</FIPSMode>
          </authEncryption>
          <PMKCacheMode>disabled</PMKCacheMode>
          <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
            <cacheUserData>false</cacheUserData>
            <authMode>user</authMode>
            <EAPConfig>
              <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                <EapMethod>
                  <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
                  <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                  <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                  <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
                </EapMethod>
                <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                    <Type>13</Type>
                    <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
                      <CredentialsSource>
                        <CertificateStore>
                          <SimpleCertSelection>true</SimpleCertSelection>
                        </CertificateStore>
                      </CredentialsSource>
                      <ServerValidation>
                        <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
                        <ServerNames></ServerNames>
                      </ServerValidation>
                      <DifferentUsername>false</DifferentUsername>
                      <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
                      <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName>
                      <TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
                        <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3">
                          <AllPurposeEnabled>true</AllPurposeEnabled>
                          <CAHashList Enabled="true">
                            <IssuerHash>75 f5 06 9c a4 12 0e 9b db bc a1 d9 9d d0 f0 75 fa 3b b8 78 </IssuerHash>
                          </CAHashList>
                          <EKUMapping>
                            <EKUMap>
                              <EKUName>Client Authentication</EKUName>
                              <EKUOID>1.3.6.1.5.5.7.3.2</EKUOID>
                            </EKUMap>
                          </EKUMapping>
                          <ClientAuthEKUList Enabled="true"/>
                          <AnyPurposeEKUList Enabled="false">
                            <EKUMapInList>
                              <EKUName>Client Authentication</EKUName>
                            </EKUMapInList>
                          </AnyPurposeEKUList>
                        </FilteringInfo>
                      </TLSExtensions>
                    </EapType>
                  </Eap>
                </Config>
              </EapHostConfig>
            </EAPConfig>
          </OneX>
        </security>
      </MSM>
    </WLANProfile>
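
A pre-assignment check for the two profile types above, written as an added example (not code from the original page or from Microsoft). It applies the page's two rules for pre-shared key profiles, the `<hex>` value matching the SSID `<name>` and `<protected>` being false, and reports EAP-TLS profiles that, like the sample above, set `PerformServerValidation` to false or leave `ServerNames` empty. The function name, finding codes and sample profile are assumptions made for the example; profiles copied from a PC's Wlansvc folder typically carry `<protected>true</protected>`, which the sample imitates.

```python
import xml.etree.ElementTree as ET

WLAN = "{http://www.microsoft.com/networking/WLAN/profile/v1}"
TLS1 = "{http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1}"
TLS2 = "{http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2}"

def audit_wlan_profile(xml_text):
    """Return finding codes (hypothetical names) for one WLANProfile document."""
    root = ET.fromstring(xml_text)
    findings = []
    ssid = root.find(f"{WLAN}SSIDConfig/{WLAN}SSID")
    if ssid is None:
        return ["ssid-missing"]
    # Page rule: <hex> must be the hexadecimal value of the SSID <name>.
    # Assumption: the SSID is encoded as UTF-8 before hex-encoding.
    name = ssid.findtext(f"{WLAN}name", "")
    hex_value = ssid.findtext(f"{WLAN}hex", "").strip()
    if hex_value.lower() != name.encode("utf-8").hex():
        findings.append("ssid-hex-mismatch")
    # Page rule: <protected> must be false, or the device tries to decrypt the key.
    key = root.find(f".//{WLAN}sharedKey")
    if key is not None and key.findtext(f"{WLAN}protected", "").strip().lower() != "false":
        findings.append("protected-not-false")
    # EAP-TLS: report profiles that skip RADIUS server certificate validation.
    validation = root.findtext(f".//{TLS2}PerformServerValidation")
    if validation is not None and validation.strip().lower() == "false":
        findings.append("eap-server-validation-disabled")
    server_names = root.find(f".//{TLS1}ServerNames")
    if server_names is not None and not (server_names.text or "").strip():
        findings.append("eap-server-names-empty")
    return findings

# Constructed sample: a PSK profile as copied from a PC, with a placeholder key blob
# and a <hex> value left over from the template instead of the real SSID.
SAMPLE_COPIED_PSK = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Hotspot-1</name>
  <SSIDConfig><SSID><hex>53534944</hex><name>Hotspot-1</name></SSID></SSIDConfig>
  <MSM><security>
    <authEncryption><authentication>WPA2PSK</authentication>
      <encryption>AES</encryption><useOneX>false</useOneX></authEncryption>
    <sharedKey><keyType>passPhrase</keyType><protected>true</protected>
      <keyMaterial>PLACEHOLDER-ENCRYPTED-BLOB</keyMaterial></sharedKey>
  </security></MSM>
</WLANProfile>"""

if __name__ == "__main__":
    print(audit_wlan_profile(SAMPLE_COPIED_PSK))
```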

Create the XML file from an existing Wi-Fi connection

You can also create an XML file from an existing Wi-Fi connection:

  1. On a computer that is connected to or has recently connected to the wireless network, open the following folder: C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{guid}.

    It's best to use a computer that has not connected to many wireless networks, because you'll have to search through each profile to find the right one.

  2. Search through the XML files to locate the one with the right name.
  3. After you have located the correct XML file, copy and paste the XML code into the Data field of the OMA-URI settings page.