https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4408258#M567540 <P>Confirm you have traffic with MDM server via port 443.</P> <P>&nbsp;</P> <P>Regarding certificates,&nbsp;<SPAN>check the&nbsp;</SPAN><STRONG class="ph b">Trust for authentication within ISE</STRONG><SPAN>&nbsp;and&nbsp;</SPAN><STRONG class="ph b">Trust for authentication of Cisco Services</STRONG>.</P> <P>&nbsp;</P> <P>You should be able to see the events on ise-psc.log file.</P> <P>&nbsp;</P> <P>Otherwise, you better open a TAC case for further assistance.</P> Tue, 25 May 2021 12:23:07 GMT lrojaslo 2021-05-25T12:23:07Z https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4408150#M567536 <P>Hi, folks.</P><P>I am trying to connect ISE 2.7 P3 to a MS Intune MDM tenant, sadly without success ....</P><P>&nbsp;</P><P>We have imported the necessary certificates (DigiCert and MS Chains) into ISE trusted certs, exported the</P><P>ISE-cert to be imported into Intune by the cloud-guys ... I was also told that all configurations (APP, rights etc.) were</P><P>done correctly on the Intune-side .... but connection still fails.</P><P>&nbsp;</P><P>Connection Failed: 403:Forbidden: the MDM server is not reachable</P><P>&nbsp;</P><P>Is there a detailed description of what happens when the "test connection" button is pressed in one of ISEs log-files ??</P><P>If so, which one might that be ?? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>I also could not find a detailed description on which services the imported certificates should be trusted for ... any ideas ?</P><P>&nbsp;</P><P>Rgs</P><P>Frank</P><P>&nbsp;</P> Tue, 25 May 2021 08:07:05 GMT https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4408150#M567536 Frank Lothar Weber 2021-05-25T08:07:05Z https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4408258#M567540 <P>Confirm you have traffic with MDM server via port 443.</P> <P>&nbsp;</P> <P>Regarding certificates,&nbsp;<SPAN>check the&nbsp;</SPAN><STRONG class="ph b">Trust for authentication within ISE</STRONG><SPAN>&nbsp;and&nbsp;</SPAN><STRONG class="ph b">Trust for authentication of Cisco Services</STRONG>.</P> <P>&nbsp;</P> <P>You should be able to see the events on ise-psc.log file.</P> <P>&nbsp;</P> <P>Otherwise, you better open a TAC case for further assistance.</P> Tue, 25 May 2021 12:23:07 GMT https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4408258#M567540 lrojaslo 2021-05-25T12:23:07Z https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4413711#M567719 <P>Try adding the <A href="https://www.digicert.com/kb/digicert-root-certificates.htm" target="_blank">DigiCert Global Root G2</A> certificate to the ISE Trusted Certificate store?</P> <P>Microsoft updated their Graph API cert in ~September 2020 to use the new cert so that may be it.</P> Sun, 06 Jun 2021 20:30:52 GMT https://community.cisco.com/t5/network-access-control/ise-2-7-p3-fails-to-connect-to-ms-azure-intune/m-p/4413711#M567719 thomas 2021-06-06T20:30:52Z