https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230125#M593420 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1573054">@ndahemmy</a>&nbsp;</P> <P>&nbsp;Q1- not sure about the PSK but certificate is always the best option.</P> <P>And you can define how long a certificate last. Althouth the good practice is not too long period</P> <P>Q2- These are the supported MDM on cisco doc</P> <H2 id="ariaid-title3" class="title topictitle2">Supported Unified Endpoint Management and Mobile Device Management Servers</H2> <SECTION class="body conbody"> <P class="p B1_Body1-F9CE5028">Supported MDM servers include products from the following vendors:</P> <UL id="id_24382__ul_efw_q3d_wv" class="ul"> <LI id="id_24382__li_05641B995CF1415284BF08FA78A32955" class="li"> <P class="p">Absolute</P> </LI> <LI class="li"> <P class="p">Blackberry - BES</P> </LI> <LI class="li"> <P class="p">Blackberry - Good Secure EMM</P> </LI> <LI id="id_24382__li_6290FA0FCEBE4CD88FCC18D8122C30E6" class="li"> <P class="p">Cisco Meraki Systems Manager</P> </LI> <LI class="li"> <P class="p">Citrix XenMobile 10.x (On-prem)</P> </LI> <LI id="id_24382__li_13938E8E3A7D42CE983BEF115F09C8B3" class="li"> <P class="p">Globo</P> </LI> <LI class="li"> <P class="p">IBM MaaS360</P> </LI> <LI id="id_24382__li_57EF46BC58FB4BC98BE5A4080D1209DD" class="li"> <P class="p">Ivanti (previously MobileIron UEM), core and cloud UEM services</P> </LI> </UL> </SECTION> <P>&nbsp;</P> Thu, 28 Nov 2024 14:43:19 GMT Flavio Miranda 2024-11-28T14:43:19Z https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230105#M593412 <P>Hello,</P><P>We intend to integrate ISE with with Microsoft Intune MDM. all of documentation i have seen, You have to register ISE as an application in Azure AD and use certificates for authentication. I have two questions in my mind if anyone has an answer kindly share.</P><P>Q1. Is it possibkle to use shared key or password instead of certificates ? thinking certificates expires am trying to think other alternatives.</P><P>Q2. Is it possible to integrate ISE in Intune itself instead of creating ISE as an application in Azure AD then the app use API to talk with ISE ?</P><P>&nbsp;</P><P>&nbsp;</P><P>Thank you</P> Thu, 28 Nov 2024 13:59:19 GMT https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230105#M593412 ndahemmy 2024-11-28T13:59:19Z https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230125#M593420 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1573054">@ndahemmy</a>&nbsp;</P> <P>&nbsp;Q1- not sure about the PSK but certificate is always the best option.</P> <P>And you can define how long a certificate last. Althouth the good practice is not too long period</P> <P>Q2- These are the supported MDM on cisco doc</P> <H2 id="ariaid-title3" class="title topictitle2">Supported Unified Endpoint Management and Mobile Device Management Servers</H2> <SECTION class="body conbody"> <P class="p B1_Body1-F9CE5028">Supported MDM servers include products from the following vendors:</P> <UL id="id_24382__ul_efw_q3d_wv" class="ul"> <LI id="id_24382__li_05641B995CF1415284BF08FA78A32955" class="li"> <P class="p">Absolute</P> </LI> <LI class="li"> <P class="p">Blackberry - BES</P> </LI> <LI class="li"> <P class="p">Blackberry - Good Secure EMM</P> </LI> <LI id="id_24382__li_6290FA0FCEBE4CD88FCC18D8122C30E6" class="li"> <P class="p">Cisco Meraki Systems Manager</P> </LI> <LI class="li"> <P class="p">Citrix XenMobile 10.x (On-prem)</P> </LI> <LI id="id_24382__li_13938E8E3A7D42CE983BEF115F09C8B3" class="li"> <P class="p">Globo</P> </LI> <LI class="li"> <P class="p">IBM MaaS360</P> </LI> <LI id="id_24382__li_57EF46BC58FB4BC98BE5A4080D1209DD" class="li"> <P class="p">Ivanti (previously MobileIron UEM), core and cloud UEM services</P> </LI> </UL> </SECTION> <P>&nbsp;</P> Thu, 28 Nov 2024 14:43:19 GMT https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230125#M593420 Flavio Miranda 2024-11-28T14:43:19Z https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230219#M593433 <P>You didn't include Intune in supported MDM though it is supported as per below document</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/UEM-MDM-Server-Integration/b_MDM_UEM_Servers_CiscoISE.pdf" target="_self">https://www.cisco.com/c/en/us/td/docs/security/ise/UEM-MDM-Server-Integration/b_MDM_UEM_Servers_CiscoISE.pdf</A>&nbsp;</P><P>&nbsp;</P> Thu, 28 Nov 2024 19:23:20 GMT https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230219#M593433 ndahemmy 2024-11-28T19:23:20Z https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230221#M593434 <P>Sorry. Probably is the doc version.&nbsp;</P> <P>• Cisco Meraki Systems Manager<BR />• Ivanti (previously MobileIron UEM) core and cloud UEM services<BR />• Microsoft Endpoint Manager Intune<BR />• JAMF Casper Suite<BR />• VMware Workspace ONE (previously AirWatch)</P> Thu, 28 Nov 2024 19:31:36 GMT https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230221#M593434 Flavio Miranda 2024-11-28T19:31:36Z https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230245#M593440 <P>A1. No. If you want to use the GUID method, it requires using a certificate with the properly formatted GUID string. The other option is using the MAC address for performing the registration/compliance lookup against Intune, but that has other issues (docks, dongles, randomized MAC Addresses, etc).</P> <P>A2. Entra ID is the identity store behind Intune and they are tightly coupled. Creating the App Registration in Entra ID provides the Service Principal that is needed to interact with Intune. This is how is works on the MS side and is not specific to ISE.</P> Thu, 28 Nov 2024 21:17:30 GMT https://community.cisco.com/t5/network-access-control/ise-integration-with-intune-mdm/m-p/5230245#M593440 Greg Gibbs 2024-11-28T21:17:30Z