Recently I encountered a situation where a number of Android devices were unable to connect to a wireless network using EAP-TLS authentication, Intune was reporting an Error state for the Configuration Profile however the error message (as usual) didn’t allude to a cause.
The error code displayed within Intune admin centre when drilling down to an affected user’s device was “942518331” and when drilling further it provided a different code of “0x7d24fc5”.
Without access to an impacted device on hand, I was able to find a few articles online where users had reported similar behaviour and a suggested fix stood out as something we hadn’t yet configured (defining a Radius Server name rather than leaving this blank).
Defining a Radius Server name within the Configuration profile ensures that during authentication the device only interacts with a specified server rather than negotiating with any Radius server.
According to the comment left on the Microsoft Q&A it appears that a change was introduced to Android 13 where the June (or newer) security update is installed which requires a Radius Server to be defined when connecting to an enterprise Wi-Fi network.
After adding the Radius Server entry and re-syncing on an impacted device it was then able to successfully connect to a corporate wireless network, I was unable to find any notifications from the Intune Support team and/or notes in the Android security update changelog to show that this change was made however there definitely looks to be a link between the June 2023 security update and lack of having a Radius server name defined in your Wi-Fi configuration profile.