Cisco ISE - Intune Integration

hs08
VIP

I'm trying to integrate Cisco ISE with Intune by following this article, and I got this error. Does anyone know why?

How to: Integrate Cisco ISE MDM with Microsoft Intune - Cisco Community

(screenshot attached: hs08_0-1762410976020.png)

7 Replies

Seems Intune is not happy with the certificate being used.

Lol. But do you know which certificate should be downloaded from Intune?

I already downloaded and imported the certificates below:

  • Microsoft Azure RSA TLS Issuing CA 03
  • Microsoft Azure RSA TLS Issuing CA 04
  • Microsoft Azure RSA TLS Issuing CA 07
  • Microsoft Azure RSA TLS Issuing CA 08
  • Microsoft TLS RSA Root G2

Good question ;). I think it's more the certificate on the Intune side. Have you exported the ISE cert and imported it into Intune?

They are steps 5 through 7 on the link you shared.

Yes, I already created the app registration, and the certificate from ISE is already imported into this app.

Not sure what else to suggest, sorry. Maybe @Greg Gibbs or @thomas could suggest something.

Greg Gibbs
Cisco Employee

See my blog post regarding the certificate changes and requirements related to the Intune MDM integration:
https://cs.co/ise-entraid#Intune

"Please note that the Microsoft TLS Issuing CA certificates formerly used by the ISE Intune MDM integration function will expire on 27 June 2024. However, Microsoft has already completed the rotation of the certificates used for the Compliance Retrieval (NAC 2.0) API endpoints.

With those changes, ISE is now only required to have the DigiCert Global Root G2 CA certificate in the Trusted Certificates store for the MDM lookups to work properly. Although this Root Certificate is installed in the Trusted Certificates store by default, you should ensure that the option for 'Trust for authentication within ISE' is enabled under the Usage options."

If this certificate setting has been confirmed but it is still not working, you might need to open a TAC case to investigate further via the debug logs.