Windows 11 22H2 has discontinued the authentication of my MSCHAPv2 WiFi and wired connections with RADIUS.

This is a heads up - a big problem that is going to affect a huge number of WiFi networks. Windows 11 22H2 enable crendential Guard by default - Which disables MSCHAPv2 by default for SSO. many companies use MSCHAPv2 for authentication to Wifi and Wire Connections.

When you enable Credential Guard, you can no longer use classic NTLM authentication for single sign-on. You'll be required to enter your credentials to use these protocols and won't be able to save credentials for later use.

If you're using Wi-Fi and VPN endpoints based on MS-CHAPv2, they are susceptible to similar attacks as those targeting NTLMv1.

Source : Learn Article Security

微软 Recommends for Wi-Fi and VPN connections, replacing MSCHAPv2 connection (such as PEAP-MSCHAPv2 and EAP-MSCHAPv2) with certificate-based authentication (for example, PEAP-TLS or EAP-TLS).

This is super cool, the solution with EAP-TLS certificate for RADIUS authentication.

On the menu:

• Active Directory Certificate Authority: properly configured with security recommendations.
• Active Directory: with clean groups and GPOs to restrict deployment and enrollment of my domain computers to the Computer certificate template.
• NPS RADIUS: for network and connection policy, constraints, VLAN assignment.
• Wi-Fi Controller: supporting WPA3 Enterprise (AAA).
• Access Point: Wi-Fi 6 and WPA3 Enterprise support.

And best of all, I can reach my 1 Gbps speed...