Saturday, February 19, 2022

Wireless Topologies Explained (BSS, ESS and SSIDs)

This covers wireless topologies, going over BSS, ESS and SSIDs.

CONNECTING TO A WIRELESS NETWORK

When you connect to a wireless network, you typically connect to an available SSID then away you go. Once connected you can freely move around a building, moving from one access point to another access point all while still connected to the same SSID.

To manage the connected clients, wireless networks use BSS, ESS and SSIDs to enable mobility.

BASIC SERVICE SET (BSS) 

Thinking about SSIDs, you see it as one overall network for a whole building/campus where you are connected to just that wireless network. That WLAN is made up of access points all broadcasting the SSID for clients. As people connect to the SSID, they also connect to the access point within range.

Each access point has its own local wireless network which covers the broadcast radius of the access point's radios. This local WLAN of the access point is a BSS. For a WLAN, it isn't just the SSID of the whole building/campus but it is also multiple BSS networks that make up the foundations of the network.

Each BSS has an ID that the WLAN uses to track which AP a client is connected to and to ensure each BSS can be uniquely identified. If you go into CMD or PowerShell in Windows, you can use the command 'netsh wlan show interfaces' to see the BSSID of the BSS you are connected to. Below is an example.


EXTENDED SERVICE SET (ESS)

Extended Service Sets are basically what we typically call SSIDs. An ESS is a collection of BSSs that are broadcasting the same SSID to allow clients to roam between the APs. Below is an example of multiple BSS networks making up a larger WLAN to form an ESS.

SERVICE SET ID (SSID)

SSIDs are friendly names for WLAN networks. BSS networks have a BSSID, which is the MAC of the broadcasting AP, but SSIDs make things easier. For an ESS there is no ESSID, but the SSID gives it a friendly name, which removes the need for one. SSIDs are used for both BSS and ESS as it's easy to keep them consistent and it avoids having to use the BSSID.

Friday, February 4, 2022

Automating Autopilot Deployments via Dynamic Device Groups

This covers automating the process of assigning Autopilot deployment profiles, apps and policies to Intune devices.

SETTING UP YOUR ENDPOINT GROUPS

When importing devices into Endpoint Manager, you need to place the device in a group within Azure AD for it to pick up an Autopilot deployment profile, and then pick up any apps and policies you targeted towards that group after enrollment.

If it's one or two devices, it's not much work importing the devices and then manually adding them to the group, but it isn't going to be fun adding 50+ devices to a group. Here's where dynamic device groups come in handy. You can build dynamic groups based on the Group Tag field of Autopilot Devices.

When generating the hardware ID of a device, you can set the Group Tag at the same time. You can use this tag to automate which group the device joins in Azure AD once you've imported it. The rule below is used to match devices with specific Group Tags. The property is "devicePhysicalIds" with the value being "[OrderID]:TAG", replacing TAG with your group tag.

In my example I have used "Marketing" as my Group Tag. This particular group may be for Marketing devices that get Marketing specific policies and apps. I could have a second dynamic device group for a different department that has different software and policy requirements, using a different Group Tag for them.

This can simplify the build process of devices to just gathering the hardware IDs whilst setting a Group Tag at the same time, importing your CSV file, and then going through the OOBE once they have all been imported and have an Autopilot deployment profile assigned.

ASSIGNING A GROUP TAG WHEN GATHERING THE HARDWARE ID

The PowerShell cmdlet to generate the hardware ID has a parameter of -GroupTag followed by a value for your Group Tag such as "Marketing". If you're doing multiple devices then also use the -Append parameter to append each individual device to the next row of the CSV.
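
A pre-import check for the workflow described above, as an added example that is not part of the original post: it flags CSV rows whose Group Tag is missing or misspelled (those devices would not join the tag-based dynamic group, so they would not receive its profile, apps and policies) and prints the membership rule for each valid tag. It assumes the hardware ID script is Get-WindowsAutopilotInfo from the PowerShell Gallery and that the rule uses the -any / -eq form; the sample rows and the $expectedTags list are constructed.

```powershell
# Added example. On each device (Get-WindowsAutopilotInfo is assumed, see lead-in):
#   Get-WindowsAutopilotInfo -OutputFile .\autopilot.csv -GroupTag "Marketing" -Append

# Constructed sample of the combined CSV; serials and hashes are placeholders.
$rows = @'
"Device Serial Number","Windows Product ID","Hardware Hash","Group Tag"
"SN-0001","","<hash-1>","Marketing"
"SN-0002","","<hash-2>","Marketting"
"SN-0003","","<hash-3>",""
"SN-0001","","<hash-1>","Marketing"
'@ | ConvertFrom-Csv

# Hypothetical list of Group Tags that have a dynamic device group behind them.
$expectedTags = @('Marketing', 'Finance')

function Test-AutopilotRow {
    param([object[]]$Rows, [string[]]$ExpectedTags)
    $seen = @{}
    foreach ($row in $Rows) {
        $serial  = $row.'Device Serial Number'
        $tag     = $row.'Group Tag'
        $problem = $null
        if ($seen.ContainsKey($serial)) {
            $problem = 'duplicate serial number'
        } elseif ([string]::IsNullOrWhiteSpace($tag)) {
            $problem = 'no Group Tag: device will not match any tag-based group'
        } elseif ($ExpectedTags -notcontains $tag) {
            $problem = "Group Tag '$tag' has no matching group"
        }
        $seen[$serial] = $true
        [pscustomobject]@{ Serial = $serial; GroupTag = $tag; Problem = $problem }
    }
}

function Get-GroupTagRule {
    param([string]$GroupTag)
    # Rule from the post: property devicePhysicalIds, value "[OrderID]:TAG".
    '(device.devicePhysicalIds -any (_ -eq "[OrderID]:{0}"))' -f $GroupTag
}

$report = Test-AutopilotRow -Rows $rows -ExpectedTags $expectedTags

# Rows to fix before importing the CSV.
$report | Where-Object Problem | Format-Table -AutoSize

# One membership rule per valid tag actually present in the file.
$report | Where-Object { -not $_.Problem } |
    Select-Object -ExpandProperty GroupTag -Unique |
    ForEach-Object { Get-GroupTagRule -GroupTag $_ }
```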