Merge pull request #224 from microsoft/Clay-Microsoft-patch-69

Update RMD_082.md

Author: DavidHoerster

src/react/docs/workshop-guidance/devices/RMD_082.md

@@ -1,10 +1,39 @@
 # 082: Review security, compliance, resource access requirements (Certs/Wi-Fi/VPN)
 
 ## Overview
+When planning to deploy certificates, Wi-Fi, and VPN profiles to Android devices in Intune, there are several important considerations to keep in mind:
 
+### 1. **Enrollment Method**
+- **Choose the Right Enrollment Type**: Decide between Android Enterprise options (like Work Profile, Fully Managed, or Dedicated devices) based on your organization's needs. Each method has different capabilities and management levels.
+
+### 2. **Certificate Management**
+- **SCEP and PKCS Certificates**: Ensure you have a clear strategy for deploying certificates. SCEP (Simple Certificate Enrollment Protocol) is commonly used for automated certificate provisioning. Make sure your devices are configured to accept these certificates for Wi-Fi and VPN authentication¹(https://learn.microsoft.com/en-us/mem/intune/configuration/wi-fi-settings-android).
+- **Trusted Root Certificates**: Deploy trusted root certificates to establish a secure connection. Ensure that these certificates are correctly configured and distributed to devices²(https://learn.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root).
+
+### 3. **Wi-Fi Configuration**
+- **Profile Settings**: When creating Wi-Fi profiles, specify the SSID, security type (e.g., WPA2), and authentication methods (like EAP-TLS or PEAP). Ensure that the settings align with your organization's network requirements¹(https://learn.microsoft.com/en-us/mem/intune/configuration/wi-fi-settings-android).
+- **Hidden Networks**: Decide whether to hide the SSID from users. If you choose to hide it, ensure users know how to connect to the network.
+
+### 4. **VPN Configuration**
+- **VPN Type**: Choose the appropriate VPN type (e.g., IKEv2, L2TP) based on your security needs and compatibility with your infrastructure.
+- **Conditional Access**: Implement conditional access policies to ensure that only compliant devices can connect to the VPN. This adds an extra layer of security.
+
+### 5. **User Experience**
+- **Ease of Use**: Consider the user experience when deploying these profiles. Ensure that the enrollment process is straightforward and that users receive clear instructions on how to connect to Wi-Fi and VPN.
+- **Support and Training**: Provide adequate support and training for users to help them understand how to use the deployed profiles effectively.
+
+### 6. **Testing and Validation**
+- **Pilot Testing**: Before a full rollout, conduct pilot testing with a small group of users to identify any issues with the deployment of certificates, Wi-Fi, and VPN profiles.
+- **Monitoring and Feedback**: After deployment, monitor the performance and gather user feedback to make necessary adjustments.
+
+### 7. **Security Policies**
+- **Compliance and Security**: Ensure that all profiles comply with your organization’s security policies. Regularly review and update these policies to address any emerging threats or changes in technology.
 
 
 ## Reference
 
-* 
+* (1) Configure Wi-Fi settings for Android devices in Microsoft Intune. https://learn.microsoft.com/en-us/mem/intune/configuration/wi-fi-settings-android.
+* (2) Create trusted certificate profiles in Microsoft Intune. https://learn.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root.
+* (3) Configure security, email, VPN, and Wi-Fi device configuration profiles .... https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-plan-configuration-profile.
+* (4) Support for SCEP certificates in Android Enterprise dedicated devices. https://techcommunity.microsoft.com/t5/intune-customer-success/support-for-scep-certificates-in-android-enterprise-dedicated/ba-p/928147.