Our Windows admin tried enabling Credential Guard on a few test laptops, which promptly broke PEAP-MSCHAP auth to the wireless, as documented, so we turned it off again. The suggested workarounds include using certificate-based auth, which I would really like to avoid having to stand up a PKI. Are there any other ways to authenticate the user on a Windows device to the wifi with NAC when Credential Guard is enabled? It's a really nice feature in that it can block malware from moving horizontally across the network with cached user credentials.
Be the first to post a reply!