Results 1 to 2 of 2
  1. #1
    Untangler
    Join Date
    Aug 2009
    Posts
    77

    Default Captive Portal Microsoft Auto Login

    Greetings,

    I am trying to replicate with Azure AD joined Windows laptops what I have done with Chromebooks.

    With Chromebooks I have setup Captive Portal on the Student policy to automatically capture any traffic except that which is needed for authentication. This works perfectly behind the scenes whenever a student visits any website after logging in.

    I am trying to replicate this with Windows laptops that are joined via Autopilot and Intune, and authenticate via Office 365 and Azure AD.

    This is what works:
    • Connect to the Student WiFi on the laptop. The authentication window automatically opens, then automatically authenticates via the Microsoft user that is already logged in, then redirects to a specified website.
    • I see that user successfully in the Captive Portal Active Sessions list.



    This is what doesn't work:
    • The Student Wifi credentials are deployed via Intune policies, so the laptop is already connected even before login.
    • A student logs in.
    • This student then can browse any permitted website, but is NEVER captured by captive portal. The confusing part is that the user can browse, and yet the reports show that the traffic is blocked because of the capture rules.
    • I have to disconnect the WiFi, then re-connect. That action then causes the above "This is what works" scenario to happen.



    Any ideas what I might be missing to force Captive portal to capture the traffic and authenticate without having to re-connect the WiFi to the Student SSID? Is there a URL I can use to force the capture that I could possibly deploy to open after login?

    Thank you for your help.

  2. #2
    Untangler
    Join Date
    Aug 2009
    Posts
    77

    Default

    Alright, I think I may have figured it out. Here is a reference to my post about the Captive Portal ignore rules for Intune:
    https://forums.untangle.com/captive-...ore-rules.html

    The Captive Portal redirection worked after I removed the following domain in my ignore rules: *msftconnecttest.com

    Once I removed that domain, then any website visited that was not ignored would be immediately directed to the captive portal authentication. That would happen automatically as expected, then would continue on to the requested website.

    Now the next thing to figure out is how to logout a session when a user signs out, since these will be shared laptops.
    jcoehoorn likes this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2