What the policy does
The Windows Wi-Fi Policy lets you create one or more wireless profiles and deliver them to any Windows 10/11 edition that supports MDM (Pro, Enterprise, Education, SE, IoT Enterprise / LTSC). As soon as the profile arrives, Swif writes the settings to the native Windows WLAN service, so users connect to the right network the next time Wi-Fi is in range—without having to see or type a password.
If you are looking for RADIUS Wi-Fi policy, you can refer to Configuring a Policy for RADIUS Wi-Fi on Windows.
Typical use-cases
Scenario | Why the Wi-Fi policy helps |
First-day provisioning of company laptops | Devices boot, pick up the corporate SSID, and finish onboarding without manual steps. |
Rotating PSKs after a security event | Update the Pre-Shared Key / Passphrase field and redeploy—old keys are overwritten automatically. |
Moving to WPA2-Enterprise or WPA3-Enterprise | Supply EAP settings and certificates once; every targeted device switches to certificate-based auth. |
Guest network with proxy | Push a separate guest SSID, mark it Metered and attach proxy details so browsers route traffic correctly. |
Supported OS versions
Windows 10+: Pro, Enterprise, Education
Windows SE 10+
IoT Enterprise / LTSC 10+
Key settings you’ll see in the Swif console
Field | What it controls | Notes / Minimum OS |
SSID (Network name) | The broadcast name of the WLAN the device should join. | Required |
Hidden network |
| Win 10+ |
Connect automatically | Join as soon as the network is in range. | Win 10+ |
Authentication | Open, WPA-Personal/WPA2-Personal, WPA2-Enterprise, WPA3, etc. | Choose Personal for PSK, Enterprise for EAP. |
Encryption | TKIP, AES, GCMP (varies by auth type). | Auto-selected for most modes. |
Pre-Shared Key / Passphrase | The PSK used in WPA-Personal modes. | Stored encrypted in the policy payload. |
EAP Method | TLS, PEAP-MSCHAPv2, TTLS, FAST. | Enterprise modes only. |
Root CA certificate | Thumbprint or upload of the CA that issued the AP cert. | Ensures validation on connect. |
Client certificate | User or device certificate for EAP-TLS. | Optional unless EAP-TLS is selected. |
Proxy settings | None / Manual / PAC file. | Use for guest or inspection networks. |
Metered connection |
| Win 10+ |
Priority | If a device has multiple Wi-Fi profiles, lower numbers are tried first. |
|
Creating the policy
Device Management → Policies → Add Policy → Windows tab → Windows Wi-Fi Policy.
Fill the Policy name and (optionally) a description.
Complete the Settings section using the table above.
For enterprise auth, upload or reference certificates before saving.
Click Continue, choose the devices or device groups that should receive the profile, and Publish.
Swif queues the profile immediately. Most online devices apply it within a few minutes; offline devices receive it at their next check-in.
What the end-user sees
Nothing. The profile is added under Settings → Network & Internet → Wi-Fi → Manage known networks. If Connect automatically is set, Windows switches to the new network silently. If credentials are wrong or a certificate is missing, Windows shows its standard network-error toast and Swif records a Failed status on the device.
Monitoring & troubleshooting
Device details → Policies tab shows whether the Wi-Fi policy is Pending, Succeeded, or Failed.
Activity Log records every policy delivery and any Windows MDM error codes.
To rotate keys or change settings, edit the existing policy; Swif pushes a revision and overwrites the old profile.
Tips & best practices
Tip | Why it matters |
Push enterprise Wi-Fi + root CA + client cert in one policy | Ensures the network is usable on first attempt—no partial connections. |
Use Priority = 1 for corporate, 2 for guest | Devices always prefer the secure network when both are available. |
Enable Metered on mobile-hotspot SSIDs | Prevents Windows Update or OneDrive sync from consuming cellular data. |
Rotate PSKs every quarter | Just update the passphrase and save—the new key is distributed automatically. |
With the Windows Wi-Fi Policy, network onboarding and key rotation are no longer ticket-generating events—one save and Swif handles the rest.
Swif Policy glossary – see All Windows policies article for context.