Steffen Schwerdtfeger

Ordering Wi-Fi profiles via Intune

Wondering how your endpoints choose the preferred Wi-Fi network? Adding managed Wi-Fi profiles via Intune is one thing, but how about their order? Let us find a way to always prioritize the corporate Wi-Fi profile.


Some background.

Windows chooses the preferred network based on the order of the network profiles stored on your client. You can get that list by running:

netsh wlan show profiles

The first network in the list is the most preferred one:

Besides the Wi-Fi networks added by the user, Intune-managed profiles are also listed under "User profiles". The problem: when a user adds a new network with the "Connect automatically" checkbox selected, that network is put on top of the list, and the managed profile from Intune moves down.


Short example (new client in Intune):

  • Intune pushes the profile "Contoso-Corp" (will be the first in the list).

  • The client connects to "Contoso-Corp" as desired.

  • User now connects manually to "Contoso-Guest" with "Connect automatically" activated.

  • Now "Contoso-Guest" becomes the first item in the list and will be preferred from now on.


Unfortunately, the preceding section of the output, "Group policy profiles (read only)", where it was possible to define an order, cannot be populated with Intune (only via traditional AD with GPOs).


How about the property "autoSwitch" in the XML network profile?

It determines the roaming behaviour of an auto-connected network when a more preferred network is in range, as stated in the documentation.

If enabled, the client would switch/roam to another network that has a higher priority. But this does not help in our case.


See this example (new client):

  • Intune pushes the profile "Contoso-Corp" (will be the first in the list).

  • The client connects to "Contoso-Corp" as desired.

  • User now connects manually to "Contoso-Guest" with "Connect automatically" activated.

  • Now "Contoso-Guest" becomes the first item in the list and will be preferred from now on.

  • If we pushed a profile for "Contoso-Guest" with autoSwitch = true, the client would look for a more preferred network and switch to it if found.

    • But, we have no guarantee that "Contoso-Corp" is "more preferred" (it is just somewhere in the list).

    • So, this would only help if "Contoso-Corp" is the first Wi-Fi in the list.


Unfortunately, there is no way to set the order directly via the network / XML profile. The only option to push "Contoso-Corp" to the top of the list seems to be:

netsh wlan set profileorder name="Contoso-Corp" interface="Wi-Fi" priority=1

Prioritizing the desired profile via Proactive Remediations

The idea is to run this command on a regular basis and push "Contoso-Corp" to the top of the list. For this we use a detect script and a remediate script.



Prioritize_WiFiNetworkProfile_Detect.ps1

Searches the desired Wi-Fi in the netsh output and compares the index.

#=========================================================================
#
# Script Name:         Prioritize_WiFiNetworkProfile_Detect.ps1
# Description:         Check if desired wireless network profile is first
# Changelog:           2024-07-10: Initial version.
# Author:              Steffen Schwerdtfeger
#
#=========================================================================

# define Variables
$wifiProfileName = "Contoso-Corp"

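# Get all wireless network profiles (lines of the form "<label>   : <name>").
# The @() wrappers keep the results arrays even when netsh returns a single
# line or only one profile exists; otherwise $wifiProfiles[0] would return
# the first character of a string instead of the first profile name.
$wifiProfiles = @(@(netsh wlan show profiles) -match '\s{2,}:\s' -replace '.*:\s' , '')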

# Check if desired profile is first
if($wifiProfiles[0] -eq $wifiProfileName) {
    Write-Output "Network $wifiProfileName is the first in the list. OK."
    exit 0
} else {
    $index = [array]::IndexOf($wifiProfiles, $wifiProfileName)
    if($index -eq -1) {
        Write-Output "Network $wifiProfileName not found on the client."
    } else {
        Write-Output "Network $wifiProfileName is NOT the first in the list. Current index: $index."
    }
    exit 1
}
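
The detect script above reads one flat list, while `netsh wlan show profiles` prints a separate profile list per wireless interface. The following is an added example, not part of the original scripts, that checks the position of the profile on each interface; the helper names `Get-WlanProfileOrder` and `Test-WlanProfileFirst` are hypothetical and the sample output is constructed and abridged.

```powershell
# Added example; Get-WlanProfileOrder and Test-WlanProfileFirst are hypothetical helpers.
function Get-WlanProfileOrder {
    param([string[]]$NetshLines)
    $order = [ordered]@{}
    $section = $null
    foreach ($line in $NetshLines) {
        if ($line -match '^\S.*:\s*$') {
            # A non-indented line ending in ':' opens the section of one interface
            $section = $line.Trim().TrimEnd(':')
            $order[$section] = @()
        } elseif ($section -and $line -match '^\s{2,}\S.*?\s+:\s(.+)$') {
            # Indented "<label>   : <profile name>" line, kept in listed order
            $order[$section] += $Matches[1].Trim()
        }
    }
    return $order
}

function Test-WlanProfileFirst {
    param($Order, [string]$ProfileName)
    $findings = @()
    foreach ($section in $Order.Keys) {
        # -1 = profile missing on this interface, >0 = present but not preferred
        $index = [array]::IndexOf([string[]]($Order[$section]), $ProfileName)
        if ($index -ne 0) { $findings += "$section -> index $index" }
    }
    return $findings
}

# Constructed, abridged sample output (two adapters); on a client use:
# $lines = netsh wlan show profiles
$lines = @'
Profiles on interface Wi-Fi:
User profiles
-------------
    All User Profile     : Contoso-Guest
    All User Profile     : Contoso-Corp

Profiles on interface Wi-Fi 2:
User profiles
-------------
    All User Profile     : Contoso-Corp
'@ -split "`r?`n"

$findings = Test-WlanProfileFirst (Get-WlanProfileOrder $lines) "Contoso-Corp"
if ($findings) {
    $findings | ForEach-Object { Write-Output "NOT first: $_" }
} else {
    Write-Output "Contoso-Corp is first on every interface. OK."
}
```

In a detection script, a non-empty `$findings` would map to `exit 1` so that the remediation runs for the affected interface.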

Prioritize_WiFiNetworkProfile_Remediate.ps1

Puts the desired network on top of the list. The tricky part: clients can have multiple adapters, and their names depend on the OS language (e.g. "Wi-Fi", "WLAN", ...).

#=========================================================================
#
# Script Name:         Prioritize_WiFiNetworkProfile_Remediate.ps1
# Description:         Change priority of desired wireless network profile
#                      on all interfaces to 1.
# Changelog:           2024-07-10: Initial version.
# Author:              Steffen Schwerdtfeger
#
#=========================================================================

# define Variables
$wifiProfileName = "Contoso-Corp"

try {

    Write-Output "Search for all wireless network adapters."
    # Run the 'netsh wlan show interface' command and capture the output
    $adapterInfo = netsh wlan show interface

    # Initialize an empty array to store adapter names
    $adapters = @()

    # Split the output by lines
    $lines = $adapterInfo -split "`n"

    # Iterate over each line
    foreach ($line in $lines) {
        # Only the adapter's "Name : <value>" line starts with "Name"; anchoring
        # avoids matching an SSID or profile value that happens to contain "Name"
        if ($line -match '^\s*Name\s*:\s*(.+)$') {
            # Extract the adapter name and add it to the list
            $adapterName = $Matches[1].Trim()
            $adapters += $adapterName
        }
    }

    # Print the list of available wireless network adapters
    Write-Output "Found the following wireless network adapters:"
    foreach ($adapter in $adapters) {
        Write-Output "- $adapter"
    }

    Write-Output "------------------------------------------------------"
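    # Set priority for each network adapter
    $failed = $false
    foreach ($adapter in $adapters) {
        Write-Output "Set priority=1 for network $wifiProfileName on interface $adapter."
        netsh wlan set profileorder name="$wifiProfileName" interface="$adapter" priority=1
        # netsh is a native command and does not throw, so the catch block
        # never sees its failures; check the exit code instead
        if ($LASTEXITCODE -ne 0) { $failed = $true }
    }
    if ($failed) { exit 1 }
    exit 0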

} catch {
    # error occurred
    $errMsg = $_.Exception.Message
    Write-Output "Error: $errMsg"
    exit 1
}

Simply upload the scripts to Intune, assign the PAR to the desired group and choose a schedule:

