Cisco ISE 3.1 with InTune for Patch Management

Jithishkk1514
Level 1

Hello Team,

We have a requirement from a customer to deploy Cisco ISE 3.1 with Intune for Windows patch management.

Has anyone faced any challenges in achieving this? We already have a few compliance checks defined; additionally, we need to achieve this requirement along with the existing compliance checks.

@ISE 

Accepted Solutions

Greg Gibbs
Cisco Employee

ISE would not have anything to do with the Windows update policy applied and managed by Intune. ISE can perform compliance checks against Intune, but the ISE Authorization policy would simply be based on a true/false MDM compliance response from Intune.

You would also need to be careful about how you write your compliance policies in Intune. If the compliance is based on the level of software update status, you might run into a chicken/egg issue where the endpoint that does not have the latest updates is not compliant, and it is not compliant so it cannot get onto the network to get the latest updates. The user would then have to use another internet connection to get the updates so they can become compliant before connecting back to the corp network.

Also, if you are not already using the MS Graph API and MDM APIv3 for Intune MDM integration, you should migrate to that ASAP due to the information provided in this Field Notice.

https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72427.html


marce1000
VIP

 - You may find this thread informational: https://community.cisco.com/t5/network-access-control/ise-integration-with-ms-intune/td-p/4511984

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
