This information is based on Microsoft’s beta release of System Center Configuration Manager Service Pack 2 and is subject to change.

As noted in one of the previous posts, SCCM SP2 has extended support for AMT / vPro Wireless Out Of Band use cases.  If we open Out of Band Management Component Configuration under "Site Database" -> "Site Management" -> <Site Code> -> "Site Settings" you will notice that there is a new tab for “802.1X & Wireless”.




When you click the new icon, you will be given the opportunity to create your AMT wireless profile.





There are a couple of interesting things to point out.  First, SCCM SP2 supports AMT wireless security types of WPA-Enterprise and WPA2-Enterprise; WPA-Personal and WPA2-Personal are not supported



Second, the encryption method can be either TKIP or AES.



Third, you will notice that 802.1x authentication is required for the wireless connection supporting the Client Authentication methods of EAP-TLS, EAP-TTLS/MSCHAPv2, or PEAPV0/EAP-MSCHAPv2.



The 802.1x trusted root certificate can be loaded from either a file or pulled directly from your CA infrastructure.






The Radius Client Certificate (depending on the Authentication method chosen) will allow to you choose a desired certificate template from one of your Microsoft Enterprise Certificate Authorities. 






Once the wireless settings have been configured in the Out of Band Management Component Configuration, the certificate request will be generated for the AMT client and the wireless settings will be pushed to the AMT client during the initial provisioning or when a “Update Management Controller” is performed on the client.


--Matt Royer