Cisco ISE 3.3 with AZURE AD/ Intune - Page 2

Leonardo Santana · ‎06-18-2024

Hi,

Our customer wants to integrate Cisco ISE with Azure AD, and they want to use AutoPilot to autoprovision the computers. But how can we authenticate and authorize a computer that dont have anything?

If we integrate with Intune this will work?

Enviroment:

Two nodes ISE 3.3 Patch 2

Regards

Regards
Leonardo Santana

*** Rate All Helpful Responses***

pritamCTC · ‎02-27-2025

Thanks, @Greg Gibbs , so by using the above approach the personal non-official devices can't use our corporate SSID even they have Entra ID - username and password? just wanted to highlight again we are using EAP-TTLS ROPC REST process (no cert concept).

PSM · ‎02-28-2025

@pritamCTC in addition to Random MAC address what @Greg Gibbs mentioned above, If endpoint is using some docking station or adapter it is also going to fail as Intune is not having MAC address of Docking station/adapter not mapped to the endpoint database. Also some other MDMs like WSOne have only one MAC address (main address as they say) mapped for one endpoint. And while connecting to network if endpoint use different MAC, MDM will not be able to find the endpoint in its database using that mac address when ISE queries to MDM for that.

pritamCTC · ‎03-19-2025

@PSM thanks for your response. In-case if we go for Intune, and those network wireless card if we want to register on Intune, will that be possible?

PSM · ‎03-21-2025

@pritamCTC no, don't think you can add network cards in Intune and identify devices with those mac addresses