benjamin-banks1
Beginner

Cisco ISE integrating with Microsoft SCCM

Has Cisco published something on how the integration of ISE 2.0 into SCCM works regarding patch management? I am trying to deploy this type of solution but struggling to get my head around how ISE and the SCCM client talk to each other. More specifically, I am trying to understand how SCCM collections are built to only install the required patches that are causing the AnyConnect client to fail the posture assessment in ISE.

Accepted Solutions
soupanda
Cisco Employee

Hello Benjamin,

Please find attached a reference document on AnyConnect and SCCM client integration; I hope you find it helpful.

The integration to detect and remediate missing patches has been done at the AnyConnect client, where the ISEPosture client ('System Scan') has the ability to query the SCCM client for a list of all missing patches. If the patches in the missing patch list are CRITICAL in severity, the AnyConnect ISEPosture client can then force the SCCM client to download and install all missing critical patches before allowing network access.

-Soumya Panda


5 REPLIES 5
hslai
Cisco Employee

I've forwarded your inquiry to our SME on this. He will post a response early next week.

I very much appreciate the attachment.  That is exactly what I was needing and has proven very helpful.  Thank you very much!

Hi,

I was just wondering if there's a newer version of this SCCM reference guide for ISE versions 2.0 and greater as well as AnyConnect 4.2 and greater? If not, does this document still apply to the newer versions of ISE (2.0 and onward) and AnyConnect (4.2 and onward)?

Thanks

Nolan

nikhilcherian
Contributor

Excellent document, thanks for sharing!!

I can see a line in the document which says "Create a requirement from the condition and remediation action created". Can I create a remediation action for automatic install of the pending patch?

Regards

Nikhil
