This information is based on Microsoft’s beta release of System Center Configuration Manager Service Pack 2 and is subject to change.

As noted in one of the previous posts, SCCM SP2 has extended support for AMT / vPro Wireless Out Of Band use cases.  If we open Out of Band Management Component Configuration under "Site Database" -> "Site Management" -> <Site Code> -> "Site Settings" you will notice that there is a new tab for “802.1X & Wireless”.

OOBM-WirelessTab.jpg

 

 

When you click the new icon, you will be given the opportunity to create your AMT wireless profile.

OOBM-WirelessTab-New.jpg

 

 

 

There are a couple of interesting things to point out.  First, SCCM SP2 supports AMT wireless security types of WPA-Enterprise and WPA2-Enterprise; WPA-Personal and WPA2-Personal are not supported

OOBM-WirelessTab-SecurityType.jpg

 

Second, the encryption method can be either TKIP or AES.

OOBM-WirelessTab-EncryptionMethod.jpg

 

Third, you will notice that 802.1x authentication is required for the wireless connection supporting the Client Authentication methods of EAP-TLS, EAP-TTLS/MSCHAPv2, or PEAPV0/EAP-MSCHAPv2.

OOBM-WirelessTab-ClientAuthentication.jpg

 

The 802.1x trusted root certificate can be loaded from either a file or pulled directly from your CA infrastructure.

OOBM-WirelessTab-ServerAuthentication.jpg

OOBM-WirelessTab-TrustedRootCertificate.jpg

 

 

 

The Radius Client Certificate (depending on the Authentication method chosen) will allow to you choose a desired certificate template from one of your Microsoft Enterprise Certificate Authorities. 

OOBM-WirelessTab-ClientCertificateTemplate.jpg

OOBM-WirelessTab-RadiusClientCertificate.jpg

 

 

 

Once the wireless settings have been configured in the Out of Band Management Component Configuration, the certificate request will be generated for the AMT client and the wireless settings will be pushed to the AMT client during the initial provisioning or when a “Update Management Controller” is performed on the client.

 

--Matt Royer