We're running into a frustrating issue where feature updates for Windows 11 are breaking 802.1X wired authentication policies on our enterprise devices. We're wondering if anyone else is experiencing this and what potential solutions or workarounds you might have found. Specifically, during in-place upgrades (like 23H2 to 24H2 or 25H2), it seems like the 802.1X authentication settings get wiped, especially since the files in the C:\Windows\dot3svc\Policies folder seem to disappear. This leads to devices losing their connection because the settings revert to default, causing them to fail authentication on our NAC-enforced networks. We're exploring options like backing up and restoring the dot3svc policy files, reapplying wired profiles through scripts after the upgrade, or using Intune remediation scripts, but the update process limits our choices. If you've dealt with this, I'd love to hear your experiences!
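A sketch of the backup, detect and restore options listed in the question, as an added example that is not code from the poster or from Microsoft. The `-Mode` switch, the `$BackupRoot` location and the function name are assumptions, and the thread does not confirm that Wired AutoConfig honors policy files copied back into place.

```powershell
param(
    [ValidateSet('Backup', 'Detect', 'Restore')] [string]$Mode = 'Detect',
    # Assumed backup location; restrict its ACL to SYSTEM/Administrators so the
    # saved EAP settings (trusted roots, server names) cannot be tampered with.
    [string]$BackupRoot = 'C:\ProgramData\Dot3Backup'
)
$policyDir  = Join-Path $env:SystemRoot 'dot3svc\Policies'   # folder named in the post
$policyBak  = Join-Path $BackupRoot 'Policies'
$profileBak = Join-Path $BackupRoot 'Profiles'

function Test-WiredPolicyPresent {
    # Healthy = Wired AutoConfig (dot3svc) is running and the policy folder has files.
    $svc   = Get-Service -Name dot3svc -ErrorAction SilentlyContinue
    $files = Get-ChildItem -Path $policyDir -File -ErrorAction SilentlyContinue
    return ($null -ne $svc -and $svc.Status -eq 'Running' -and @($files).Count -gt 0)
}

switch ($Mode) {
    'Backup' {
        # Run before the feature update: keep the policy files and export wired profiles.
        New-Item -ItemType Directory -Path $policyBak, $profileBak -Force | Out-Null
        Copy-Item -Path (Join-Path $policyDir '*') -Destination $policyBak -Force -ErrorAction SilentlyContinue
        netsh lan export profile folder="$profileBak" | Out-Null
    }
    'Detect' {
        # Intune remediation convention: exit code 1 triggers the remediation script.
        if (Test-WiredPolicyPresent) { Write-Output 'dot3svc policy present'; exit 0 }
        Write-Output 'dot3svc policy missing or service not running'; exit 1
    }
    'Restore' {
        Set-Service -Name dot3svc -StartupType Automatic
        # Assumption, untested in the thread: copy the saved policy files back.
        Copy-Item -Path (Join-Path $policyBak '*') -Destination $policyDir -Force -ErrorAction SilentlyContinue
        Restart-Service -Name dot3svc -Force
        # Re-add the exported wired profiles on all wired interfaces.
        Get-ChildItem -Path $profileBak -Filter *.xml -ErrorAction SilentlyContinue | ForEach-Object {
            netsh lan add profile filename="$($_.FullName)" | Out-Null
        }
        # Group Policy refresh only succeeds if a domain controller is reachable.
        gpupdate /target:computer /force | Out-Null
        if (Test-WiredPolicyPresent) { exit 0 } else { exit 1 }
    }
}
```

Run with `-Mode Backup` before the upgrade; in an Intune remediation pair, `-Mode Detect` is the detection script and `-Mode Restore` the remediation script, both in SYSTEM context.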
5 Answers
We experienced Wired DOT1X issues when transitioning from 23H2 to 24H2, but surprisingly, WiFi DOT1X remained unaffected. We managed to work around the wired issue by ensuring the unauthenticated network didn't issue DHCP leases. This way, it wouldn't become the primary interface, and devices could still connect via WiFi to refresh the Group Policies.
We had a couple of systems that faced this issue, but it wasn't as widespread for us. We managed to connect via a USB WiFi adapter and get on the wireless network to push the policies again. Not the ideal solution, but it got us back online!
It seems Microsoft has a knack for breaking 802.1X every couple of updates! I’m getting tired of this recurring issue.
You mentioned using GPO for 802.1X profiles. Have you checked if the CSP XML pushed through Intune is experiencing the same problem?
I'm following this issue too! We saw similar problems when we upgraded from Windows 10 to 11. What we did was connect to a non-802.1X network initially and used VPN to update the policies on the affected devices. It was a bit of a hassle, but it worked!
We had a similar situation—upgrading also caused the same issues for us.

That might be related to how Credential Guard was set by default. I've had success resolving the 802.1X issues by disabling Credential Guard in UEFI. There are some commands to help with that if you're interested.