HI, Looking for some advice on the best authentication method to use with Meraki for our environment. We are in Hybrid mode with O365 via ADFS, and shortly all mailboxes and data will be migrated to the cloud to allow staff to work from home etc. Users currently have on-prem AD joined laptops and PC's, but going forwards we are replacing up to 150 laptops and the current plan is to Azure AD join them instead of directly to the on-prem domain, and manage with Intune. We installed a new Meraki wireless network and configured a local NPS server as per Meraki instructions "Configuring RADIUS Authentication with WPA2-Enterprise" using Domain/Users Group, and I can connect to the corporate SSID using my AD credentials. However, we would like to lock down access to just corporate machines but the Azure AD joined machines do not show in the on-prem AD so cannot just use the domain/computers group. If we go down the local on-prem CA server certificate route , as I understand it we would have to first add this as a trusted authority on all the Azure joined laptops. I am leaning towards using a trusted CA authority cert from Go-Daddy - is this the best option for my scenario?