Hello Cisco Community!

I hope you're all doing well. I am currently facing an issue regarding the configuration of Cisco ISE v3.2 for Azure AD authentication as dot1x. I have successfully integrated Azure AD with ROPC REST API, but now I want to utilize this authentication for dot1x purposes.

After studying various online sources, I have come across information suggesting that this can be achieved using the EAP-TLS protocol. However, I am a bit confused about which certificate to use and where to obtain and install it. It's worth noting that we primarily operate in an Apple environment.

I would greatly appreciate any guidance or assistance from the community in resolving this issue. Specifically, I would like to know:

1. Which certificate should be used for the EAP-TLS authentication in the context of Azure AD integration with Cisco ISE?
2. Where can I obtain the necessary certificate?
3. Once obtained, how and where should the certificate be installed within our Apple environment?

Any insights, recommendations, or step-by-step instructions would be immensely helpful in helping me navigate this configuration challenge.

Thank you all in advance for your time and support!