Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.20
  3. Managing secure connections
  4. Managing work connections using profiles
  5. Setting up work Wi-Fi networks for devices
  6. Windows: Wi-Fi profile settings

Windows
:
Wi-Fi
 profile settings

Windows
:
Wi-Fi
 profile setting
Description
Connect automatically when this network is in range
This setting specifies whether devices can connect automatically to the
Wi-Fi
 network.
Security type
This setting specifies the type of security that the
Wi-Fi
 network uses.
Encryption type
This setting specifies the encryption method that the
Wi-Fi
 network uses.
The "Security type" setting determines which encryption types are supported and the default value for this setting.
WEP key
This setting specifies the WEP key for the
Wi-Fi
 network. The WEP key must be 10 or 26 hexadecimal characters (0-9, A-F) or 5 or 13 alphanumeric characters (0-9, A-Z).
Examples of hexadecimal key values are ABCDEF0123 or ABCDEF0123456789ABCDEF0123. Examples of alphanumeric key values are abCD5 or abCDefGHijKL1.
This setting is valid only if the "Security type" setting is set to "Open" and the "Encryption type" is set to "WEP."
Key index
This setting specifies the position of the matching key stored on the wireless access point.
This setting is valid only if the "Security type" setting is set to "Open" and the "Encryption type" is set to "WEP."
Preshared key
This setting specifies the preshared key for the
Wi-Fi
 network.
This setting is valid only if the "Security type" setting is set to "
WPA-Personal
."
Enable single sign-on
This setting specifies whether the
Wi-Fi
 network supports single sign-on authentication.
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Single sign-on type
This setting specifies when single sign-on authentication is performed. When set to “Perform immediately before user login”, single sign-on is performed before the user logs in to
Active Directory
. When set to “Perform immediately after user login”, single sign-on is performed immediately after the user logs in to
Active Directory
.
This setting is valid only if the “Enable single sign-on" setting is selected.
Maximum delay for connectivity
This setting specifies, in seconds, the maximum delay before the single sign-on connection attempt fails.
This setting is valid only if the “Enable single sign-on" setting is selected.
Allow additional dialogs to be displayed during single sign-on
This setting specifies whether a device can display dialog boxes beyond the login screen. For example, if an EAP authentication type requires a user to confirm the certificate sent from server during authentication, the device can display the dialog box.
This setting is valid only if the “Enable single sign-on" setting is selected.
This network uses separate virtual LANs for machine and user authentication
This setting specifies whether the VLAN used by a device changes based on the user's login information. For example, if the device is placed on one VLAN when it starts, and then (based on user permissions) transitions to a different VLAN network after the user logs in.
This setting is valid only if the “Enable single sign-on" setting is selected.
Validate server certificate
This setting specifies whether a device must validate the server certificate that verifies the identity of the wireless access point.
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Do not prompt user to authorize new servers or trusted certification authorities
This setting specifies whether a user is prompted to trust the server certificate.
This setting is valid only if the “Validate server certificate" setting is selected.
CA certificate profiles
This setting specifies the CA certificate profile that provides the root of trust for the server certificate that the wireless access point uses.
This setting limits the root CAs that devices trust to the selected CAs. If you do not select any trusted root CAs, devices trust all root CAs listed in their trusted root certification authority store.
This setting is valid only if the “Validate server certificate" setting is selected.
Enable fast reconnect
This setting specifies whether the
Wi-Fi
 network supports fast reconnect for PEAP authentication across multiple wireless access points.
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Enforce NAP
This setting specifies whether the
Wi-Fi
 network uses NAP to perform system health checks on devices to verify that they meet health requirements before connections to the network are permitted.
This setting is valid only if the "Security type" setting is set to "
WPA-Enterprise
" or "
WPA2-Enterprise
."
Enable FIPS mode
This setting specifies whether the
Wi-Fi
 network supports compliance with the FIPS 140-2 standard.
This setting is valid only if the "Security type" setting is set to "WPA2-Enterprise" or "WPA2-Personal" and the "Encryption type" is set to "AES."
Enable PMK caching
This setting specifies whether a device can cache the PMK to turn on
WPA2
 fast roaming. Fast roaming skips 802.1X settings with a wireless access point that the device authenticated with previously.
This setting is valid only if the "Security type" setting is set to "WPA2-Enterprise."
PMK time to live
This setting specifies the duration, in minutes, that a device can store the PMK in cache.
This setting is valid only if the “Enable PMK caching" setting is selected.
Number of entries in PMK cache
This setting specifies the maximum number of PMK entries that a device can store in cache.
This setting is valid only if the “Enable PMK caching" setting is selected.
This network uses preauthentication
This setting specifies whether the access point supports preauthentication for
WPA2
 fast roaming.
Preauthentication allows devices that connect to one wireless access point to perform 802.1X settings with other wireless access points within its range. Preauthentication stores the PMK and its associated information in the PMK cache. When the device connects to a wireless access point with which it has preauthenticated, it uses the cached PMK information to reduce the time required to authenticate and connect.
This setting is valid only if the “Enable PMK caching" setting is selected.
Maximum preauthentication attempts
This setting specifies the maximum number of allowed preauthentication attempts.
This setting is valid only if the “This network uses preauthentication" setting is selected.
Proxy type
This setting specifies the type of proxy configuration for the
Wi-Fi
 profile.
This setting applies only to
Windows 10 Mobile
 devices.
PAC URL
This setting specifies the URL for the web server that hosts the PAC file and the PAC file name in the format http://<web_server_URL>/<filename>.pac.
This setting is valid only if the "Proxy type" setting is set to "PAC configuration."
Address
This setting specifies the server name and port for the network proxy. Use the format host:port (for example, server01.example.com:123). The host must be one of the following:
  • A registered name, such as a server name, FQDN, or Single Label Name (for example, server01 instead of server01.example.com)
  • An IPv4 or IPv6 address
This setting is valid only if the "Proxy type" setting is set to "Manual configuration."
Web Proxy Autodiscovery
This setting specifies whether to enable the Web Proxy Autodiscovery Protocol (WPAD) for proxy lookup.
This setting is valid only if the "Proxy type" setting is set to "Web Proxy Autodiscovery."
Turn off Internet connectivity checks
This setting specifies whether to turn off Internet connectivity checks.
Associated SCEP profile
This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the
Wi-Fi
 network.