Skip Navigation

Windows
Wi-Fi
 profile settings

Windows
Wi-Fi
 profile setting
Description 
Connect automatically when this network is in range
This setting specifies whether devices can connect automatically to the 
Wi-Fi
 network.
Security type
This setting specifies the type of security that the 
Wi-Fi
 network uses.
Possible values:
  • Open
  • WPA-Enterprise
  • WPA-Personal
  • WPA2-Enterprise
  • WPA2-Personal
The default value is "Open."
Encryption type
This setting specifies the encryption method that the 
Wi-Fi
 network uses.
The "Security type" setting determines which encryption types are supported and the default value for this setting.
Possible values:
  • None
  • WEP
  • TKIP
  • AES
WEP key
This setting specifies the WEP key for the 
Wi-Fi
 network. The WEP key must be 10 or 26 hexadecimal characters (0-9, A-F) or 5 or 13 alphanumeric characters (0-9, A-Z).
Examples of hexadecimal key values are ABCDEF0123 or ABCDEF0123456789ABCDEF0123. Examples of alphanumeric key values are abCD5 or abCDefGHijKL1.
This setting is valid only if the "Security type" setting is set to "Open" and the "Encryption type" is set to "WEP."
Key index
This setting specifies the position of the matching key stored on the wireless access point. 
This setting is valid only if the "Security type" setting is set to "Open" and the "Encryption type" is set to "WEP."
The possible values are from 1 to 4. 
The default value is 2.
Preshared key
This setting specifies the preshared key for the 
Wi-Fi
 network.
This setting is valid only if the "Security type" setting is set to "
WPA-Personal
."
Enable single sign-on
This setting specifies whether the 
Wi-Fi
 network supports single sign-on authentication. 
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Single sign-on type
This setting specifies when single sign-on authentication is performed. When set to “Perform immediately before user login”, single sign-on is performed before the user logs in to your organization’s Active Directory. When set to “Perform immediately after user login”, single sign-on is performed immediately after the user logs in to your organization’s Active Directory.
This setting is valid only if the “Enable single sign-on" setting is selected.
Possible values:
  • Perform immediately before user login
  • Perform immediately after user login
The default value is “Perform immediately before user login.”
Maximum delay for connectivity
This setting specifies, in seconds, the maximum delay before the single sign-on connection attempt fails.
This setting is valid only if the “Enable single sign-on" setting is selected.
The possible values are from 0 to 120 seconds.
The default value is "10 seconds."
Allow additional dialogs to be displayed during single sign-on
This setting specifies whether a device can display dialog boxes beyond the login screen. For example, if an EAP authentication type requires a user to confirm the certificate sent from server during authentication, the device can display the dialog box.
This setting is valid only if the “Enable single sign-on" setting is selected.
This network uses separate virtual LANs for machine and user authentication
This setting specifies whether the VLAN used by a device changes based on the user's login information. For example, if the device is placed on one VLAN when it starts, and then — based on user permissions — transitions to a different VLAN network after the user logs in.
This setting is valid only if the “Enable single sign-on" setting is selected.
Validate server certificate
This setting specifies whether a device must validate the server certificate that verifies the identity of the wireless access point.
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Do not prompt user to authorize new servers or trusted certification authorities
This setting specifies whether a user is prompted to trust the server certificate. 
This setting is valid only if the “Validate server certificate" setting is selected.
CA certificate profiles
This setting specifies the CA certificate profile that provides the root of trust for the server certificate that the wireless access point uses.
This setting limits the root CAs that devices trust to the selected CAs. If you do not select any trusted root CAs, devices trust all root CAs listed in their trusted root certification authority store.
This setting is valid only if the “Validate server certificate" setting is selected.
Enable fast reconnect
This setting specifies whether the 
Wi-Fi
 network supports fast reconnect for PEAP authentication across multiple wireless access points. 
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Enforce NAP
This setting specifies whether the 
Wi-Fi
 network uses NAP to perform system health checks on devices to verify that they meet health requirements, before connections to the network are permitted.
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Enable FIPS mode
This setting specifies whether the 
Wi-Fi
 network supports compliance with the FIPS 140-2 standard.
This setting is valid only if the "Security type" setting is set to "WPA2-Enterprise" or "WPA2-Personal" and the "Encryption type" is set to "AES."
Enable PMK caching
This setting specifies whether a device can cache the PMK to turn on 
WPA2
 fast roaming. Fast roaming skips 802.1X settings with a wireless access point that the device authenticated with previously.
This setting is valid only if the "Security type" setting is set to "WPA2-Enterprise."
PMK time to live
This setting specifies the duration, in minutes, that a device can store the PMK in cache.
This setting is valid only if the “Enable PMK caching" setting is selected.
The possible values are from 5 to 1440 minutes.
The default value is 720 minutes.
Number of entries in PMK cache
This setting specifies the maximum number of PMK entries that a device can store in cache.
This setting is valid only if the “Enable PMK caching" setting is selected.
The possible values are from 1 to 255.
The default value is 128.
This network uses preauthentication
This setting specifies whether the access point supports preauthentication for 
WPA2
 fast roaming. 
Preauthentication allows devices that connect to one wireless access point to perform 802.1X settings with other wireless access points within its range. Preauthentication stores the PMK and its associated information in the PMK cache. When the device connects to a wireless access point with which it has preauthenticated, it uses the cached PMK information to reduce the time required to authenticate and connect.
This setting is valid only if the “Enable PMK caching" setting is selected.
Maximum preauthentication attempts
This setting specifies the maximum number of allowed preauthentication attempts.
This setting is valid only if the “This network uses preauthentication" setting is selected.
The possible values are from 1 to 16.
The default value is 3.
Proxy type
This setting specifies the type of proxy configuration for the 
Wi-Fi
 profile. 
Possible settings:
  • None
  • PAC configuration
  • Manual configuration
  • Web Proxy Autodiscovery
The default setting is "Manual configuration."
This setting applies only to 
Windows 10 Mobile
 devices.
PAC URL
This setting specifies the URL for the web server that hosts the PAC file and the PAC file name in the format http://<web_server_URL>/<filename>.pac.
This setting is valid only if the "Proxy type" setting is set to "PAC configuration."
Address
This setting specifies the server name and port for the network proxy. Use the format host:port (for example, server01.example.com:123). The host must be one of the following:
  • A registered name, such as a server name, FQDN, or Single Label Name (for example, server01 instead of server01.example.com)
  • An IPv4 or IPv6 address
This setting is valid only if the "Proxy type" setting is set to "Manual configuration."
Web Proxy Autodiscovery
This setting specifies whether to enable the Web Proxy Autodiscovery Protocol (WPAD) for proxy lookup.
This setting is valid only if the "Proxy type" setting is set to "Web Proxy Autodiscovery."
By default, the check box is not selected.
Turn off Internet connectivity checks
This setting specifies whether to turn off Internet connectivity checks.
By default, the check box is not selected.
Associated SCEP profile
This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the 
Wi-Fi
 network.