
Integrate MDM check using GUID authentication ISE 3.2 VPN

Hi,

I am trying to find documentation or help on integrating ISE 3.2 with Intune for MDM checks. Specifically, using the GUID. I found some documentation that states I need to create an Authentication policy and a cert profile to extract the GUID from our cert installed on our endpoints (which we have created a new cert with the SAN field for GUID) but I'm uncertain how to do this in ISE. This is for VPN endpoints.

1 Reply

Greg Gibbs
Cisco Employee

The certificate is terminated on the VPN headend, so ISE never sees the certificate. It's basically just PAP between the headend and ISE.

For some mobile devices, Intune supports insertion of the GUID into the Secure Client ACIDEX information where ISE can use it for MDM lookups.
https://www.cisco.com/c/en/us/td/docs/security/ise/UEM-MDM-Server-Integration/b_MDM_UEM_Servers_CiscoISE/m_integrate-microsoft-endpoint-manager-intune.html#manage-vpn-connected-endpoints

The same option is not supported for other endpoint types (including Windows), so the only option would be using MAC Address based MDM lookups.