Challenge
A global retail brand with more than 7,000 employees needed to upgrade its network security architecture to handle an internationally distributed workforce while ensuring robust security. The ideal solution would establish passwordless, certificate-based authentication for workers in corporate offices, distribution centers, and retail locations on multiple continents, at enterprise scale and with little oversight.
More specifically, the IT team needed a managed cloud RADIUS solution that could serve all locations globally without requiring on-premise hardware at every site. This would enable a move to full 802.1X authentication with minimal overhead.
The device fleet included both Apple/macOS and Windows endpoints, which added complexity. Any certificate-based authentication solution had to integrate with both Jamf and Microsoft Intune and distribute certificates across operating systems without requiring manual IT intervention at each location.
In addition to Wi-Fi authentication, the client also needed certificate lifecycle management, including an internal certificate authority (CA), with both capabilities ideally coming from a single deployment.
Solution
The team selected SecureW2 for dual-MDM support, global Cloud RADIUS coverage, and internal CA capability. One member of the evaluation team had deployed SecureW2 solutions at a previous organization, helping accelerate the procurement decision and implementation process.
First, the client ran a proof of concept to validate the platform against its specific infrastructure and security requirements, and confirmed compatibility with the dual Intune-Jamf environment, Entra ID identity layer, and global network footprint. With operability and platform effectiveness validated, the team moved quickly to complete setup.
Today, the SecureW2 JoinNow platform has replaced password-based network access with 802.1X certificate-based Wi-Fi authentication across the global device fleet. Microsoft Intune handles automated certificate enrollment for Windows-managed devices and Jamf manages certificate deployment to Apple and macOS endpoints, including Jamf Use Certificate configurations.
JoinNow Cloud RADIUS provides global RADIUS coverage without the need for on-premise infrastructure. Entra ID powers identity-backed certificate issuance and real-time access decisions for every authentication event.
With SecureW2 support, the client also stood up an internal certificate authority for private PKI use cases, extending the certificate platform to cover internal services. After initial deployment, the client quickly added 500 more devices to the JoinNow platform.
Results
- 4,000+ devices secured with certificate-based authentication across a global retail footprint
- Password-based Wi-Fi eliminated and replaced with secure digital certificates for authentication
- Dual-MDM integration with Intune and Jamf, which both feed into the same SecureW2-managed PKI for unified lifecycle management
- Global RADIUS coverage delivered without capital expense or distributed hardware maintenance
- Internal CA operational for private PKI use cases beyond Wi-Fi authentication
With SecureW2, a unified certificate lifecycle management layer across the entire organization covers both network authentication and internal services from a single cloud-hosted deployment. The retailer continues to expand device coverage as the global footprint grows, with trusted network security no longer reliant on shared secrets.