cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5131
Views
4
Helpful
5
Replies

Cisco ISE integrating with Microsoft SCCM

benjamin-banks1
Level 1
Level 1

Has Cisco published something on how the integration of ISE 2.0 into SCCM works regarding patch management?  I am trying to deploy this type of solution but struggling to get my head around how ISE and the SCCM client talk to each other.  More specifically, I am tyring to understand how SCCM collections are built to only install the required patches that are causing the AnyConnect client to fail the posture assessment in ISE.

1 Accepted Solution

Accepted Solutions

soupanda
Cisco Employee
Cisco Employee

Hello Benjamin,

please find attached a reference document on AnyConnect and SCCM client integration, hope you find it helpful.

The integration to detect and remediate missing patches has been done at the AnyConnect client, where ISEPosture client / 'System Scan' , has the ability to query the SCCM client for a list of all missing patches.If the patches in the missing patch list are CRITICAL in severity, AnyConnect ISEPosture client can then force SCCM client to download and install all missing critical patches before letting network access.

-Soumya Panda

View solution in original post

5 Replies 5

hslai
Cisco Employee
Cisco Employee

I've forwarded your inquiry to our SME on this. He will post a response early next week.

soupanda
Cisco Employee
Cisco Employee

Hello Benjamin,

please find attached a reference document on AnyConnect and SCCM client integration, hope you find it helpful.

The integration to detect and remediate missing patches has been done at the AnyConnect client, where ISEPosture client / 'System Scan' , has the ability to query the SCCM client for a list of all missing patches.If the patches in the missing patch list are CRITICAL in severity, AnyConnect ISEPosture client can then force SCCM client to download and install all missing critical patches before letting network access.

-Soumya Panda

I very much appreciate the attachment.  That is exactly what I was needing and has proven very helpful.  Thank you very much!

Hi,

I was just wondering if there's a newer version of this SCCM reference guide for ISE versions 2.0 and greater as well as AnyConnect 4.2 and greater? If not, does this document still apply to the newer versions of ISE (2.0 and onward) and AnyConnect (4.2 and onward)?

Thanks

Nolan

nikhilcherian
Level 5
Level 5

Excellent document, thanks for sharing!!

I can see a line in the document which says "Create a requirement from the condition and remediation action created". Can I create a remediation action for automatic install of the pending patch

Regards

Nikhil