DomainAuthenticationKind Enum
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Specifies the enterprise domain authentication mechanism (if any) associated with a network connection profile. Only one non-None value is reported at a time (precedence applies).
C++/CX:
```cpp
public enum class DomainAuthenticationKind
```
C++/WinRT:
```cpp
/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 851968)]
enum class DomainAuthenticationKind
```
C#:
```csharp
[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 851968)]
public enum DomainAuthenticationKind
```
JavaScript:
```javascript
var value = Windows.Networking.Connectivity.DomainAuthenticationKind.none
```
Visual Basic:
```vb
Public Enum DomainAuthenticationKind
```
- Inheritance: DomainAuthenticationKind
- Attributes
Windows requirements
| Requirements | Description |
|---|---|
| Device family | Windows 11 Insider Preview (introduced in 10.0.23504.0) |
| API contract | Windows.Foundation.UniversalApiContract (introduced in v15.0) |
Fields
| Name | Value | Description |
|---|---|---|
| None | 0 | Specifies no domain authentication method; and/or that the network couldn't be domain-authenticated. |
| Ldap | 1 | Specifies the domain authentication method for an Active Directory network; and/or that the machine was successful in a Lightweight Directory Access Protocol (LDAP) authentication request against the configured Active Directory servers on the current network. |
| Tls | 2 | Specifies the Transport Layer Security (TLS) domain authentication method; and/or that the network connection was able to successfully complete an HTTPS connection with verified TLS authentication to an endpoint configured by the
Remarks
Semantics
Use DomainAuthenticationKind to determine which (if any) enterprise domain authentication mechanism validated a ConnectionProfile.
Key points
- Mutually exclusive: Only one non-`None` value appears. If both LDAP and TLS criteria are satisfied, `Ldap` takes precedence.
- Modern trust: `Tls` enables cloud / MDM managed devices to recognize corporate networks without legacy LDAP reachability.
- Policy dependency: `Tls` requires an MDM policy defining allowed TLS authentication endpoints. Missing or misconfigured policy means `Tls` is never reported.
- Negative check: ConnectionProfile.IsDomainAuthenticatedBy with `DomainAuthenticationKind.None` precisely indicates no recognized enterprise domain authentication.
Diagnostic flow
- Test ConnectionProfile.IsDomainAuthenticatedBy with `DomainAuthenticationKind.Ldap`.
- If false, test ConnectionProfile.IsDomainAuthenticatedBy with `DomainAuthenticationKind.Tls`.
- If both checks return false, treat the profile as unauthenticated (`None`).
Scenarios
| Scenario | Action |
|---|---|
| Enabling enterprise-only features | Accept either Ldap or Tls |
| UI indicator | Show badge or label based on enum value |
| Telemetry rollout tracking | Count occurrences of Tls vs Ldap to measure adoption |
| Conditional policy | Relax constraints only when authenticated (not None) |
Best practices
- Re-query on network status / domain change events (roam, resume, captive portal).
- Allow a short stabilization delay after resume before making gating decisions.
- Log both the enum value and profile identifier for support diagnostics.
- Code defensively for potential future enum members (default case handling).
Note
Do not infer authentication from DNS suffixes or SSID naming; rely on the explicit API result.
Example (C#)
```csharp
using Windows.Networking.Connectivity;

var profile = NetworkInformation.GetInternetConnectionProfile();
if (profile != null)
{
    // Query each mechanism explicitly; Ldap takes precedence when both are satisfied.
    bool ldap = profile.IsDomainAuthenticatedBy(DomainAuthenticationKind.Ldap);
    bool tls = profile.IsDomainAuthenticatedBy(DomainAuthenticationKind.Tls);
    // Negative check: true when some enterprise domain authentication was recognized.
    bool any = !profile.IsDomainAuthenticatedBy(DomainAuthenticationKind.None);
    string mode = ldap ? "LDAP" : tls ? "TLS" : "None";
    System.Diagnostics.Debug.WriteLine($"Domain authentication: {mode} (authenticated: {any})");
}
```
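The diagnostic flow and best practices above can be combined into a fail-closed gate for enterprise-only features. This is an added example, not code from the original page or from Microsoft; the class name `EnterpriseNetworkGate`, the `IsEnterpriseNetwork` property and the two-second settle delay are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using Windows.Networking.Connectivity;

// Hypothetical helper (not part of the Windows API): fail-closed gate for enterprise-only features.
public sealed class EnterpriseNetworkGate
{
    // Assumed stabilization delay after a network change (roam, resume, captive portal).
    private static readonly TimeSpan SettleDelay = TimeSpan.FromSeconds(2);
    private int _generation;          // identifies the most recent change event
    private volatile bool _allowed;   // volatile so other threads see the latest decision
    public bool IsEnterpriseNetwork => _allowed;

    public EnterpriseNetworkGate()
    {
        NetworkInformation.NetworkStatusChanged += OnNetworkStatusChanged;
        Evaluate();
    }

    private async void OnNetworkStatusChanged(object sender)
    {
        _allowed = false;                                   // deny until the profile is re-queried
        int mine = Interlocked.Increment(ref _generation);
        await Task.Delay(SettleDelay);
        if (mine == Volatile.Read(ref _generation)) Evaluate();  // only the latest event evaluates
    }

    private void Evaluate()
    {
        ConnectionProfile profile = NetworkInformation.GetInternetConnectionProfile();
        // Diagnostic flow from the page: Ldap first, then Tls, otherwise None.
        DomainAuthenticationKind kind =
            profile == null ? DomainAuthenticationKind.None
            : profile.IsDomainAuthenticatedBy(DomainAuthenticationKind.Ldap) ? DomainAuthenticationKind.Ldap
            : profile.IsDomainAuthenticatedBy(DomainAuthenticationKind.Tls) ? DomainAuthenticationKind.Tls
            : DomainAuthenticationKind.None;
        switch (kind)
        {
            case DomainAuthenticationKind.Ldap:
            case DomainAuthenticationKind.Tls:
                _allowed = true; break;
            default:                                        // None, or any value not recognized here
                _allowed = false; break;
        }
        Debug.WriteLine($"Domain authentication: {kind}; profile: {profile?.ProfileName ?? "(none)"}");
    }
}
```

`NetworkStatusChanged` is a static event, so unsubscribe the handler if the gate is meant to live for less time than the app.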