ChromeOS version: 66+ (including Beta channel) 
66.0.3359.181 >Editable.
66.0.3359.137 >Editable


65.0.3325.209>Not editable.
64.0.3282.190>Not editable.
ChromeOS device model: any Chrome devices(I tested swanky).
Case#: 16405663

Description: Some of enforced WiFi settings listed below are editable when the device user disconnects Wi-Fi from the network. 
Therefore, the device user is able to change the values.
(EAP Method, Phase 2 authentication, Sever CA certificate) 
These settings are not editable on CrOS 64, 65.

Steps to reproduce: 
1.Create a new Wi-Fi settings(Security type:WPA/WPA2 Enterprise (802.x).
2.Enforce Enterprise network from the Admin console.
3.Sign in the device and reload the policies. 

https://drive.google.com/open?id=1Dpv6mmLOM2T2S9LtkXTkdQdK4J3jy29P
4.The device will connect to the enforced network. 
5.On the device, go to the settings >WiFi > select the enforced network.
6.Click on 'Disconnect' and then select 'Configure' .
7.Some of values that enforced are editable.
-CrOS 66:https://drive.google.com/open?id=1gnHBru52TSoonpfJnCOx3f_NosKrM-Qh
-CrOS 64: https://drive.google.com/open?id=14BRo9vfhC5NKLy7-0h6HKKM_CImlOuQK
EPA method, EAP Phase 2 authentication and Server CA certificate are able to change the values, but CrOS65, 64 are not able to change.

Current Behavior / Reproduction: 
Some of enforced WiFi settings are editable and the device user is able to change the values.

Expected Behavior: 
The listed below Wi-Fi settings that enforced by Admin Console should not be edited from the device side.
(EAP Method, Phase 2 authentication, Sever CA certificate) 

Drive link to logs: 
https://drive.google.com/open?id=1uVYFheE7ZWH5_3eC9hCwVJ-sb8BR61KY
The log file was taken from the local test device swanky.
Date/time:2018/08/16 Time:11:21
(CrOS:66.0.3359.137)