07-07-2022 07:53 AM
Dear All,
I need to know if Cisco ISE 3.1 is compatible with Windows Defender?
I found this document on the Microsoft site that confirms it:
Network access control integration with Microsoft Intune | Microsoft Docs
But I'd like to know if it is also true for Cisco.
Best regards,
Igor.
Solved! Go to Solution.
07-08-2022 08:41 AM
Correct, assuming you "Use a device compliance policy to set the level of risk you want to allow. Risk levels are reported by Microsoft Defender for Endpoint. Devices that exceed the allowed risk level are identified as noncompliant."
https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection
You would then have something like this document setup (dated but the concepts remain valid with the latest ISE releases):
07-07-2022 09:45 AM
The link you shared seems to be talking about ISE and InTune integration. I think ISE supports MS Windows Defender, however, when you try to look up Windows Defender in ISE Antivirus or Malware posture assessment conditions you won't find it, but you will find Microsoft Corporate or Microsoft Corp, that should be the one that will define Microsoft protection app.
07-07-2022 09:18 PM - edited 07-07-2022 09:20 PM
07-08-2022 01:14 AM
Hi Fabrizio, yes, that's what I think.
07-08-2022 01:35 AM
What are you wanting to know about "compatibility"?
There are two potential areas to consider, both of which come under the Posture and MDM (Mobile Device Management) integration use cases. If you are not using Posture or MDM integration then the question is moot as ISE and Defender have very different purposes and do not interact.
In the case of Posture, ISE can check if the endpoint is running Defender and has definitions no older than a period you specify. ISE can also integrate with InTune which can be managing the Defender settings (among other things) and report to ISE whether the endpoint is compliant. ISE can then use that result in the Policy Set as an Authorization condition.
07-08-2022 07:58 AM
Hi Marvin, thank you for your reply.
I will use posture check on Cisco ISE, for the BYOD. Windows Defender will be installed on internal PCs, with Office 365.
In my idea the ISE should be able to interact with Windows Defender and if it raises an alarm, the ISE can act as NAC, and block PC communication or move it to a segregated DMZ. Is it possible?
07-08-2022 08:18 AM
@ifabrizio the type of functionality you are asking about isn't directly supported. Cisco can check if Defender is installed, active and current. It cannot make an authorization (or change of authorization) decision based on an event occurring in Defender.
If you have InTune and it is configured to determine that an active Defender alert makes the managed computer non-compliant with respect to InTune then ISE can change the authorization result in that case.
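To make the two decision paths in this thread concrete (posture: Defender installed, active and definitions current; MDM: Intune marks the device non-compliant when the Defender for Endpoint risk level exceeds the allowed level, and ISE acts on that compliance state), here is a small model of the authorization logic. This is an added illustration, not Cisco or Microsoft code; the class names, authorization profile labels, the 7-day definition-age threshold, the risk-level ordering and the sample endpoint records are all constructed assumptions for the example.

```python
"""Model of how ISE can (and cannot) react to Defender, as discussed above.

Added example, not Cisco or Microsoft code. Profile names, thresholds,
the risk ordering and the sample records are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed posture threshold: an admin would configure this in the ISE
# AV/AM definition-age condition; 7 days is an illustrative value.
MAX_DEFINITION_AGE_DAYS = 7

# Assumed ordering of the Defender for Endpoint risk levels that an Intune
# compliance policy compares against ("at or under the allowed level").
RISK_ORDER = {"clear": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class EndpointPosture:
    """What the posture agent can report about Defender on the endpoint."""
    defender_installed: bool
    defender_running: bool
    definitions_updated: Optional[date]  # None = unknown / never updated


@dataclass
class MdmRecord:
    """What Intune reports to ISE: compliance state only, not the alert."""
    registered: bool
    compliant: bool


def intune_compliance_from_risk(reported_risk: str, allowed_risk: str) -> bool:
    """Intune compliance rule: compliant only if the Defender-reported risk
    level is at or under the level the policy allows."""
    return RISK_ORDER[reported_risk.lower()] <= RISK_ORDER[allowed_risk.lower()]


def posture_compliant(p: EndpointPosture, today: date) -> bool:
    """ISE posture path: installed, running, and definitions not too old."""
    if not (p.defender_installed and p.defender_running):
        return False
    if p.definitions_updated is None:
        return False
    return (today - p.definitions_updated) <= timedelta(days=MAX_DEFINITION_AGE_DAYS)


def authorize(posture: EndpointPosture, mdm: Optional[MdmRecord], today: date) -> str:
    """Return a constructed authorization profile name.

    Note what is absent: a raw Defender alert never appears as an input.
    ISE only sees it indirectly, once Intune has turned it into
    compliant=False, which is the point made in the reply above.
    """
    if not posture_compliant(posture, today):
        return "QUARANTINE_REMEDIATION"   # posture failed: fix AV first
    if mdm is not None:
        if not mdm.registered:
            return "QUARANTINE_ENROLL_MDM"  # not enrolled in Intune
        if not mdm.compliant:
            return "QUARANTINE_DMZ"         # Intune says non-compliant
    return "PERMIT_CORPORATE"


def sample_decisions(today: date = date(2022, 7, 8)) -> dict:
    """Constructed endpoints exercising each branch of the decision."""
    healthy = EndpointPosture(True, True, date(2022, 7, 5))
    stale = EndpointPosture(True, True, date(2022, 6, 1))
    return {
        # Posture OK, Intune compliant (risk Low, policy allows Medium).
        "ok": authorize(
            healthy,
            MdmRecord(True, intune_compliance_from_risk("Low", "Medium")),
            today,
        ),
        # Definitions older than the threshold: posture path quarantines.
        "stale_defs": authorize(stale, MdmRecord(True, True), today),
        # Defender raised the risk to High; Intune marks non-compliant,
        # and only then can ISE change the authorization.
        "defender_high_risk": authorize(
            healthy,
            MdmRecord(True, intune_compliance_from_risk("High", "Medium")),
            today,
        ),
        # Posture only, no MDM integration: a Defender event is invisible
        # to ISE, so a healthy-looking endpoint is simply permitted.
        "posture_only": authorize(healthy, None, today),
    }


if __name__ == "__main__":
    for name, profile in sample_decisions().items():
        print(f"{name:>20}: {profile}")
```

The `posture_only` case is the one the original question was really asking about: without the Intune compliance policy in the loop there is no input on which ISE could quarantine an endpoint after a Defender detection.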
07-08-2022 08:28 AM
Thank you again Marvin.
Yes we will use defender with InTune.
So it is InTune that communicates with ISE so it can change the authorization; is my understanding correct?
07-11-2022 02:23 AM
Hi Marvin,
Unfortunately I cannot open the link:
docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection
Could you please send me this document as attachment?
Best regards,
Igor.