Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5106
Views
5
Helpful
2
Replies

MS Intunes and Cisco ISE

Go to solution
Yazan
Cisco Employee
Cisco Employee

‎07-18-2018 01:02 AM

Hello Team,

My customer is testing Microsoft’s Intunes MDM solution with ISE. They reported being able to work with it successfully on the Wireless clients that registered on the cloud but ran into  issues when they tried implementing it for wired.

The main question they are looking to answer is what is the unique identifier ISE uses to tell MS Intunes which client is authenticating? Is this the Mac address?

If it is the mac address, how would we identify an intunes client that registered on the cloud when they authenticate on the wire?


Thanks in advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎07-18-2018 03:24 PM

Hi Yazan,

Please see the ISE integration guide. Though it is slightly older, the content is still good.

How to Integrate Microsoft Intune with ISE 2.1 Presentation

Thanks

Krishnan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎07-18-2018 03:24 PM

Hi Yazan,

Please see the ISE integration guide. Though it is slightly older, the content is still good.

How to Integrate Microsoft Intune with ISE 2.1 Presentation

Thanks

Krishnan

0 Helpful

Go to solution
hewun.kim
Level 1
Level 1

‎02-01-2021 08:54 PM - edited ‎02-01-2021 09:36 PM

Hi Yazan,

 

I know it is an old post but posting for anyone else that searches because the answer isn't clearly stated anywhere else.

 

When  ISE queries Microsoft Intune it appears to use the mac-address as the device identifier in the API call for example: https://xxx.xxxxx.manage.microsoft.com/StatelessNacService/ciscodeviceinfo/mdm/api/devices/?paging=0&querycriteria=macaddress&value=xxxxxxxx&filter=all

 

When a client registers with Intune, the mac-address of the device is collected and stored by Intune.  When authenticating on the wire, the mac-address which is the calling station id, would be used by ISE to query Intune for the device status.  (I hope I understood the question above).  What I don't know is if ISE can be configured to use other available attributes to query Intune such as hostname which may be more desirable than using mac-addresses considering mac-address isn't always consistent e.g. mac-randomization, docking stations, usb ethernet adapters, thunderbolt ethernet adapters etc etc.

 

Regards,

 

He-Wun

 

Customers Also Viewed These Support Documents