diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index cb42cb7572..f5e211ef20 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,12 +1,12 @@
---
title: EAP configuration
-description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
+description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows.
ms.date: 06/26/2017
---
# EAP configuration
-This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10.
+This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows. While the screenshots are specifically for VPN, the EAP portions are applicable to Wi-Fi and Wired EAP profiles as well. For more information, see [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles).
## Create an EAP configuration XML for a VPN profile
@@ -292,6 +292,8 @@ Alternatively, you can use the following procedure to create an EAP configuratio
> [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access) article.
-## Related topics
+## Related articles
-[Configuration service provider reference](index.yml)
+* [Configuration service provider reference](index.yml)
+* [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)
+* [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles)
\ No newline at end of file
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index 476762d285..af47398d61 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -138,7 +138,7 @@ Specifies the Profile Name of the Wi-Fi network (32 bytes maximum) to create, co
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later
✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -390,7 +390,7 @@ The profile XML must be escaped, as shown in the examples below.
If it exists in the blob, the **keyType** and **protected** elements must come before **keyMaterial**, as shown in the example in [WPA2-Personal Profile Sample](/windows/win32/nativewifi/wpa2-personal-profile-sample).
> [!NOTE]
-> If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](./eap-configuration.md).
+> If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the [EapHostConfig](/windows/win32/eaphost/eaphostconfigschema-eaphostconfig-element) portion of the WlanXml ([WLANProfile](/windows/win32/nativewifi/wlan-profileschema-elements) > [MSM](/windows/win32/nativewifi/wlan-profileschema-msm-wlanprofile-element) > [security](/windows/win32/nativewifi/wlan-profileschema-security-msm-element) > [OneX](/windows/win32/nativewifi/onexschema-onex-element) > EAPConfig). For more information, see [EAP configuration](./eap-configuration.md) and [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access). For an example, see [WPA2-Enterprise with TLS profile sample](/windows/win32/nativewifi/wpa2-enterprise-with-tls-profile-sample).
@@ -404,6 +404,7 @@ If it exists in the blob, the **keyType** and **protected** elements must come b
+See [Add a network](#add-a-network) for examples.
@@ -494,7 +495,7 @@ See [Device/Profile/{SSID}](#deviceprofilessid) for more information.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later
✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
@@ -768,7 +769,7 @@ These XML examples show how to perform various tasks using OMA DM.
### Add a network
-The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork'.
+The following example shows how to add a WPA2-Enterprise network with SSID and profile name `MyNetwork` that authenticates with PEAP-MSCHAPv2.
```xml
@@ -784,7 +785,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
chr
- MyNetwork412D4D534654574C414EMyNetworkfalseESSmanualWPA2AEStrueuser2500025truetruefalse26falsefalsefalsefalsefalse
+ MyNetwork4d794e6574776f726bMyNetworkfalseESSmanualWPA2AEStrueuser2500025truetruefalse26falsefalsefalsefalsefalse]]>
@@ -793,6 +794,49 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
```
+The following example shows how to add a WPA3-Enterprise network with profile name `My Network` and SSID `MySSID` that authenticates with EAP-TLS.
+
+> [!IMPORTANT]
+> Notice how the space is %-escaped in the `LocURI` and unescaped in the `WLANProfile` > `name`.
+
+```xml
+
+ 300
+
+ 301
+ -
+
+ ./Vendor/MSFT/WiFi/Profile/My%20Network/WlanXml
+
+
+ chr
+
+ My NetworkMySSIDESSautoWPA3ENTAEStrueenabled720128disabledmachine1300013truetrue00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33falsetruefalsefalse00112233445566778899aabbccddeeff00112233Client Authentication1.3.6.1.5.5.7.3.2Client Authentication]]>
+
+
+
+```
+
+The following example shows how to add a WPA3-Personal (transition mode) network with profile name and SSID `MyNetwork` that includes the passphrase `TestPassword1!`.
+
+```xml
+
+ 300
+
+ 301
+ -
+
+ ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml
+
+
+ chr
+
+ MyNetworkMyNetworkESSautoWPA3SAEAESfalsetruepassPhrasefalseTestPassword1!]]>
+
+
+
+```
+
### Query network profiles
The following example shows how to query Wi-Fi profiles installed on an MDM server.
@@ -825,7 +869,7 @@ The following example shows the response.
### Remove a network
-The following example shows how to remove a network with SSID 'MyNetwork' and no proxy. Removing all network authentication types is done in this same manner.
+The following example shows how to remove a network with SSID `MyNetwork` and no proxy. Removing all network authentication types is done in this same manner.
```xml
@@ -840,32 +884,12 @@ The following example shows how to remove a network with SSID 'MyNetwork' and no
```
-
-### Add a network and certification authority for a server certificate
-
-The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork' and root CA validation for server certificate.
-
-```xml
-
- 300
-
- 301
- -
-
- ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml
-
-
- chr
-
- MyNetworkMyNetworkfalseESSmanualWPA2AEStrueuser2500025true InsertCertThumbPrintHere truefalse26falsefalsefalsetruefalse
-
-
-
-```
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+* [Configuration service provider reference](configuration-service-provider-reference.md)
+* [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)
+* [Configure EAP profiles and settings in Windows](/windows-server/networking/technologies/extensible-authentication-protocol/configure-eap-profiles)
\ No newline at end of file