Intune integration issues in the last week

packetplumber9 — Thu, 01 Aug 2019 14:02:03 GMT

Has anyone else has issues with ISE instances authenticating to Microsoft Intune for external MDM checks starting 7/26? I have a TAC case open but no clear resolution yet. We did notice Microsoft posted a change notice for July 26 and that is exactly when our integration stopped working reliably:

https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#app-only-tokens-for-single-tenant-applications-are-only-issued-if-the-client-app-exists-in-the-resource-tenant

I haven't yet fully parsed all this but it looks like potentially the API ISE uses for queries has changed it's permissions requirements within Azure AD, so I'm posting this to the community since this could affect other ISE installs.

Basically the symptoms are the ISE event logs are full of "401 Unauthorized" error messages and the external MDM report is showing that the API is not pulling any endpoint data. Is anyone else that uses Intune seeing similar behavior?

Re: Intune integration issues in the last week

Nidhi — Fri, 02 Aug 2019 16:04:19 GMT

Yes. we are aware of the changes by MS and there is a known issue where the auto-discovery url would not accept .com address.

Can you share the TAC case with me so that I can understand if there are more such changes

Thanks,

Nidhi

topic Re: Intune integration issues in the last week in Network Access Control

Intune integration issues in the last week

Re: Intune integration issues in the last week