I have a domain network using Windows 2012 R2 as the domain controller. It has NPS setup and I have 801.1x polices configured. I have a WAP that has multiple SSID and security profiles available. Currently I have, working, PSK and a RADIUS SSID's
I have devices that can use RADIUS authentication (laptops and smartphones) and devices that are limited to PSK.
I would like the devices that are capable of using RADIUS authentication to use it and not be able to connect to the PSK. I wish I could rely on the security of not sharing the PSK but it's not a perfect world and I need some additional measures.