04-15-2016 02:21 PM
Has Cisco published something on how the integration of ISE 2.0 into SCCM works regarding patch management? I am trying to deploy this type of solution but struggling to get my head around how ISE and the SCCM client talk to each other. More specifically, I am trying to understand how SCCM collections are built to only install the required patches that are causing the AnyConnect client to fail the posture assessment in ISE.
04-19-2016 04:10 PM
Hello Benjamin,
Please find attached a reference document on AnyConnect and SCCM client integration; hope you find it helpful.
The integration to detect and remediate missing patches has been done at the AnyConnect client, where ISEPosture client / 'System Scan' has the ability to query the SCCM client for a list of all missing patches. If the patches in the missing patch list are CRITICAL in severity, AnyConnect ISEPosture client can then force SCCM client to download and install all missing critical patches before allowing network access.
-Soumya Panda
04-15-2016 08:25 PM
I've forwarded your inquiry to our SME on this. He will post a response early next week.
04-20-2016 07:05 AM
I very much appreciate the attachment. That is exactly what I was needing and has proven very helpful. Thank you very much!
06-20-2017 09:27 AM
Hi,
I was just wondering if there's a newer version of this SCCM reference guide for ISE versions 2.0 and greater as well as AnyConnect 4.2 and greater? If not, does this document still apply to the newer versions of ISE (2.0 and onward) and AnyConnect (4.2 and onward)?
Thanks
Nolan
11-03-2016 03:52 AM
Excellent document, thanks for sharing!!
I can see a line in the document which says "Create a requirement from the condition and remediation action created". Can I create a remediation action for automatic install of the pending patch?
Regards
Nikhil