11-17-2022 05:55 AM - edited 11-17-2022 05:57 AM
Hello Team,
We have a requirement from Customer for deploying Cisco ISE 3.1 with Intune for Windows patch management
Has anyone faced any challenges in achieving this? We already have a few compliance checks defined; additionally, we need to achieve this requirement alongside the existing compliance checks.
11-17-2022 02:05 PM
ISE would not have anything to do with the Windows update policy applied and managed by Intune. ISE can perform compliance checks against Intune, but the ISE Authorization policy would simply be based on a true/false MDM compliance response from Intune.
You would also need to be careful about how you write your compliance policies in Intune. If the compliance is based on the level of software update status, you might run into a chicken/egg issue where the endpoint that does not have the latest updates is not compliant, and because it is not compliant it cannot get onto the network to get the latest updates. The user would then have to use another internet connection to get the updates so they can become compliant before connecting back to the corp network.
Also, if you are not already using the MS Graph API and MDM APIv3 for Intune MDM integration, you should migrate to that ASAP due to the information provided in this Field Notice.
https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72427.html
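Added example, not from this thread or from Cisco: a small Python model of the first-match authorization evaluation the answer describes, with the naive rule set (compliant or nothing) beside a hardened one that gives non-compliant and unknown endpoints a remediation dACL so they can still reach the services needed to patch. The profile names, rule names and ACL lines are constructed placeholders, not ISE configuration syntax.

```python
from typing import Callable, List, Optional, Tuple

# Constructed authorization profiles: a name plus the dACL lines it would push.
# These are illustrative placeholders, not real ISE dACL syntax.
PERMIT_ALL = ("PermitAccess", ("permit ip any any",))
DENY_ALL = ("DenyAccess", ("deny ip any any",))
# Remediation: DNS plus HTTPS to the update/MDM services only, then deny.
REMEDIATION = ("Intune_Remediation", (
    "permit udp any any eq 53",
    "permit tcp any host <WINDOWS-UPDATE-AND-INTUNE-IP-PLACEHOLDER> eq 443",
    "deny ip any any",
))

# A rule is (rule name, condition on the MDM compliance result, profile).
# The MDM result is True (compliant), False (non-compliant) or None
# (Intune has no record of the endpoint / the lookup failed).
Rule = Tuple[str, Callable[[Optional[bool]], bool], tuple]

# Naive policy: only a compliant endpoint matches; everything else falls
# through to the default deny and can never download the patches it needs.
NAIVE_POLICY: List[Rule] = [
    ("MDM_Compliant", lambda c: c is True, PERMIT_ALL),
]

# Hardened policy: non-compliant and unknown endpoints land in remediation,
# which breaks the chicken/egg loop without granting full network access.
HARDENED_POLICY: List[Rule] = [
    ("MDM_Compliant", lambda c: c is True, PERMIT_ALL),
    ("MDM_NonCompliant", lambda c: c is False, REMEDIATION),
    ("MDM_Unknown", lambda c: c is None, REMEDIATION),
]


def authorize(policy: List[Rule], mdm_compliant: Optional[bool]) -> str:
    """Return the profile name of the first matching rule, else default deny."""
    for _name, condition, profile in policy:
        if condition(mdm_compliant):
            return profile[0]
    return DENY_ALL[0]


def can_reach_update_services(profile_name: str) -> bool:
    """True if the profile's dACL lets the endpoint fetch updates (HTTPS permitted)."""
    profiles = {p[0]: p[1] for p in (PERMIT_ALL, DENY_ALL, REMEDIATION)}
    return any(line.startswith("permit") and ("any any" in line or "eq 443" in line)
               for line in profiles[profile_name])
```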
11-17-2022 09:18 AM
- You may find this thread informational: https://community.cisco.com/t5/network-access-control/ise-integration-with-ms-intune/td-p/4511984
M.