The use of mobile devices such as laptops, tablets, and mobile phones is becoming an integral part of the modern-day lifestyle. Staying connected at all times has become the motto, with users staying connected on the go. This creates the need for jumping between different networks and Wi-Fi access, especially when a user is logging in from multiple locations from one device.
Passpoint, developed by the Wi-Fi Alliance, allows users to switch between Wi-Fi hotspots without the need to authenticate themselves every time they log in to the same network. This protocol can be deployed in any environment, whether retail outlets, public places such as airports, or managed enterprise networks, for enhanced network security.
In this article, we will briefly explore how Passpoint Wi-Fi works and address the most important questions: whether it is a secure way to jump between networks, whether it is the same as or different from OpenRoaming, and whether it can work with Azure AD. We also share a list of devices that support Passpoint.
How Does Passpoint Wi-Fi Network Work?
Passpoint works almost the same way as roaming in a cellular network to provide a smooth transition and connection, giving you freedom from relying on mobile data. Passpoint adheres to a subset of the IEEE 802.11u interworking protocols. This subset addresses how mobile devices capable of connecting to Passpoint Wi-Fi networks transition between partner networks when roaming.
Passpoint, at its core, has the following functions:
- Network discovery and selection to choose the right network from all the available ones. Passpoint enables automation of transition between Wi-Fi networks, which are the partner networks of the primary network that the device is connected to.
- Smooth switching from one Wi-Fi access point to the other that eliminates the need to key in the credentials manually for every access. Once a Passpoint-enabled device successfully connects with a Passpoint Wi-Fi network, consecutive logins to the same network do not require manual authentication. The devices automatically connect, making it a seamless transition between multiple “home” networks.
- Secure network connection, because the information elements help determine the identity of the appropriate home network for the device at that particular location. Enterprises can attach a Unique ID to their access points to prevent devices from connecting to networks created for malicious intent.
A Passpoint-enabled mobile device, at the time of establishing a connection with a Wi-Fi Passpoint, will be provided with certain information that helps connect to the right partner network. This information is called the Information Element, and one of the most important elements is the Roaming Consortium.
What is a Roaming Consortium?
One of the most crucial elements that helps in network discovery and selection is the Roaming Consortium. In short, a Roaming Consortium is a group of networks that meet specific security standards and agree to provide internet access to mobile devices. It helps identify access points of service providers or roaming partners with which the primary network has an agreement. This allows a client device to connect automatically and authenticate to the partner network after the first login using the user’s own security credentials.
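The selection step described above can be sketched in code. This is an added example, not SecureW2 or Wi-Fi Alliance code: it parses the 802.11u Roaming Consortium element (element ID 111) from a beacon and compares its organization identifiers (OIs) with those in a provisioned profile. The profile values, SSIDs and beacon bytes are constructed placeholders, and the function names are hypothetical.

```python
ROAMING_CONSORTIUM_EID = 111  # element ID of the Roaming Consortium element

def parse_roaming_consortium(ie: bytes):
    """Return (anqp_oi_count, [oi_hex, ...]); raise ValueError if malformed."""
    if len(ie) < 4 or ie[0] != ROAMING_CONSORTIUM_EID:
        raise ValueError("not a Roaming Consortium element")
    if ie[1] != len(ie) - 2:
        raise ValueError("length field does not match element size")
    anqp_oi_count, lens, data = ie[2], ie[3], ie[4:]
    oi1_len, oi2_len = lens & 0x0F, lens >> 4  # OI #1 low nibble, OI #2 high nibble
    if oi1_len + oi2_len > len(data):
        raise ValueError("OI lengths overrun the element")
    split = oi1_len + oi2_len
    parts = [data[:oi1_len], data[oi1_len:split], data[split:]]  # rest is OI #3
    ois = [p for p in parts if p]
    if any(len(p) < 3 for p in ois):  # sanity check: an OI is at least an OUI
        raise ValueError("OI shorter than 3 octets")
    return anqp_oi_count, [p.hex().upper() for p in ois]

def select(profile_rcois, beacons):
    """Classify each (ssid, element) pair against the profile's OIs."""
    wanted = {r.upper() for r in profile_rcois}
    result = {}
    for ssid, ie in beacons:
        try:
            anqp_count, ois = parse_roaming_consortium(ie)
        except ValueError:
            result[ssid] = "ignore-malformed"
            continue
        if wanted & set(ois):
            result[ssid] = "candidate"   # still has to pass EAP authentication
        elif anqp_count:
            result[ssid] = "query-anqp"  # further OIs are only listed over ANQP
        else:
            result[ssid] = "no-match"
    return result

# Constructed sample data (placeholder OIs, not real consortium identifiers).
PROFILE_RCOIS = ["AABBCC", "AABBCC1122"]
BEACONS = [
    ("Airport", bytes.fromhex("6f0a0053ddeeffaabbcc1122")),  # two OIs, one matches
    ("Cafe", bytes.fromhex("6f050203112233")),   # no match, 2 more OIs via ANQP
    ("Hotel", bytes.fromhex("6f050003445566")),  # no match, nothing more to ask
    ("Broken", bytes.fromhex("6f050005aabbcc")), # OI #1 length overruns the body
]

if __name__ == "__main__":
    for ssid, verdict in select(PROFILE_RCOIS, BEACONS).items():
        print(f"{ssid}: {verdict}")
```

A matching OI only marks the network as a candidate: beacons are unauthenticated broadcast frames, so the trust decision rests on the EAP exchange that follows, in particular the client validating the RADIUS server certificate.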
What’s the Difference between OpenRoaming and Passpoint Wi-Fi Networks?
OpenRoaming and Passpoint are often used interchangeably, but they are slightly different from each other. Both are 802.11u networking protocols and are therefore guidelines, not an application or a program. However, Passpoint was developed by the Wi-Fi Alliance (WFA), whereas OpenRoaming was developed by Cisco and then later by the Wireless Broadband Alliance (WBA).
Both WBA and WFA work closely, and therefore, there are a lot of similarities in their implementation. One major difference, however, is that Passpoint is more about direct network partnership and local roaming, while OpenRoaming is focused more on a larger geographical area. OpenRoaming is also best when used in conjunction with Passpoint since, on its own, it has a limited implementation.
Is Passpoint/OpenRoaming Secure?
Security was one of the key concerns around which the Passpoint and OpenRoaming protocols were designed and implemented. Public Wi-Fi networks are often breeding grounds for a host of security threats, most of which are addressed by these protocols.
Some of the top reasons why Passpoint and OpenRoaming protocols are a more secure way to access the network when roaming are:
- Uses enterprise network protocols such as WPA2 and WPA3 with EAP authentication, which are considered the latest and standard security protocols.
- Enables automatic network discovery and selection once a device accesses the Wi-Fi network for a particular location, thereby eliminating the risk of connecting to a spoofed network, which is likely with manual selection. The process can be enabled for RADIUS authentication with certificates, making it more secure than credential-based authentication.
- Enables Advertising Protocols that allow the use of Access Network Query Protocol (ANQP) to collect critical network information as a part of the network selection process.
- Passpoint is designed as per the IEEE 802.11u specification – a version of 802.1x, the standard for mobile and roaming networks.
- Provides a better user experience with seamless network access and roaming, and is supported by major mobile operating systems such as iOS, Android, Windows, and macOS.
List of Devices Supporting Passpoint
Are you wondering if your devices could allow you to use Passpoint? Fortunately, most modern devices do support the protocol. Here is a list of the devices that support Passpoint.
- Passpoint-Supported Windows OS Devices
  - Windows 10 devices can utilize: Passpoint r1, Passpoint r2
- Passpoint-Supported macOS Devices
  - macOS 10.9+ devices can utilize: Passpoint r1
- Passpoint-Supported Android Devices
  - Android 6+ devices can utilize: Passpoint r1 (but it’s not reliable)
  - Android 7+ devices can utilize: Passpoint r1 (but it’s not reliable)
  - Android 8+ devices can utilize: Passpoint r1 (but it’s not reliable)
  - Android 9+ devices can utilize: Passpoint r1, Passpoint r2
  - Android 10+ devices can utilize: Passpoint r1, Passpoint r2
  - Android 11+ devices can utilize: Passpoint r1, Passpoint r2, Passpoint r3
- Passpoint-Supported iOS Devices
  - iOS 7+ devices can utilize: Passpoint r1
Note: Passpoint does not support Windows 7 devices at all.
How to Deploy Passpoint/OpenRoaming Wi-Fi Alliance for Your Network
Deploying Passpoint or OpenRoaming, or a combination of both in your network, is the next step to securing your mobile devices during roaming. As mentioned before, these guidelines work easily with WPA2-Enterprise networks and with certificate-based authentication.
Your devices need to be configured with Passpoint settings to enable the use of Passpoint/OpenRoaming. Enabling Passpoint on your mobile devices is fairly straightforward and just involves enabling it in your Wi-Fi settings by checking the Passpoint box in advanced settings.
Can I Use Passpoint with Microsoft Azure?
Passpoint, when implemented as a guideline for your enterprise network, can also be used with Azure. It can be intimidating to set up because it involves a few complicated steps that require experts to integrate and design the infrastructure.
SecureW2 allows any organization to use its Microsoft Azure (Entra ID) Identity Provider for Wi-Fi authentication. It does this by providing a variety of ways that users and devices can be verified as existing users/devices and/or compliant and then receive a certificate and network settings.
In order to connect to Passpoint networks, devices need a few settings configured. Some examples are the FQDN (Fully Qualified Domain Name) and the Roaming Organization Identifier. SecureW2 allows organizations to automate the configuration of Passpoint secure Wi-Fi by pushing the settings required by the Wi-Fi Alliance. Since SecureW2 can be integrated with all common Identity Providers, you can push the Passpoint profile to your Okta, Google, or OneLogin users in addition to Azure.
Deploy Passpoint/OpenRoaming with SecureW2
The modern workplace is a dynamic eco-system with hybrid and remote working environments woven seamlessly with working from multiple locations as well as when roaming. A network, therefore, has to be dynamic enough to support and provide a secure, seamless connection to its users when roaming, one that you can connect automatically to without authenticating every time you access the Wi-Fi.
Passpoint/OpenRoaming provides the necessary guidelines for creating a secure environment that automates network selection and connectivity for users on the move. Though there are multiple factors that go into implementing Passpoint, SecureW2 can help make the entire process accurate and hassle-free.
SecureW2 offers a multitude of solutions for secure Wi-Fi access that include support for Passpoint and OpenRoaming with certificate-based authentication with our onboarding solutions.
SecureW2 can integrate your existing network and fill in the gaps to seamlessly connect with the Passpoint network without any major infrastructure overhaul.