Why authenticate with certificates to access the network?
We hear this question frequently: "Why should I not log in to my WIFI by using my (Azure) Active Directory credentials?"
We believe that users should use their (Azure) Active Directory credentials as little as possible. Working password-less is state of the art and prevents identity theft. This is why we use certificates for network authentication. Authenticating with certificates means no credentials are transferred.
There is another benefit: device certificates are available for the operating system prior to user login. Therefore, network connections can be established before Windows user logon.
Finally, it's not a big deal: Certificates and WiFi profiles can be easily deployed to clients. SCEPman is built to make this very easy for environments with clients that are managed by Intune or JAMF.