@Muppet-UK 

Hey

The Virtual WPS and Push Button (technically both the same) solutions have a large security risk and are generally classified as insecure by.. well almost everyone

The risk was public knowledge around 2015 and generally advice was to disable WPS completely.  Omada, Ubiquiti, Meraki etc have all decided to remove this feature and WPS is no longer an option for business grade or higher devices; this is a decision personally I agree with.    

The thought of having WPS enabled on an AP that will specifically be outside of your physical building, broadcasting to whoever know how many people.. just seems crazy risky!

Some, not all home devices still support WPS via virtual and button, however this is mostly for convenience for non technical people in a setting where security is not paramount. 

I cant speak for TP Link, but I would say that WPS wont ever come back to the Omada range, and that is a good thing.

@Muppet-UK 

Hey

a Virtual button in the controller would be secured log in.

I totally disagree with that statement.  From a security POV if and when that virtual button is pressed, it has the same effect as pressing the physical button, namely anyone that can see the SSID can start to authenticate for 120 seconds.   A simple packet sniffer or logger would pick up that WPS packet and try the 9999 possible combinations in a fraction of a second.. its a massive risk!    Say the user requires you to press it 3 or 4 times because they missed it first time... how many devices are now on your network ??  1 or 4?

As you say people with non technical assets, talking them thru the process of connecting to the wireless and actaually having to give them the key is just as bad!

Agreed preshared keys are a pain.. but If this is a business, why are you using PreShared Keys?   Why not a Radius / Local Login or Enterprise grade setup?   If its a BYOD devices it certainly should be on a guest network away from the managed traffic.   

No users should never be given pre-shared keys ever, you may as well just write it on the wall, you have no control over what devices they are placing on your network.   We have guest devices still running IOS 9 / Android 6 and Windows Vista/7 but they are on a guest SSID where we can mitigate that risk.

remote managed virtual WPS PBC Instead of managing a Guest network on top of core network

I really dont know how to respond to that...  if you honestly think WPS or giving the users the key to your WiFi is the better option    vs   admining a portal based guest network specifically for BYOD..  honestly my friend you need to big time review your security thinking.     

On the SDN Controller setup a Wifi Guest locked to internet only..  create a portal authentication using facebook or voucher code tagging it to the Guest WiFi, let them crack on with no preshared key or reason to call you

I mean no offense by that last statement.. im just honestly shocked with your attitude to security on WiFi! 

@Philbert instead of rambling on like everyone else about things you did not ask, no it does not appear to have the ability to add devices via WPS or any other easy means 🤷

@Olipoppin 

Hey

Thanks for reconfirming what I said in my first response, 9 months ago...