Integrating ISE with Azure Intune as MDM

Kalipso
Level 1

Hello,

I'm trying to use Computer authentication with Azure AD.

As Azure AD only works with SAML, and ROPC only allows EAP-TTLS, i.e. user authentication, I'm looking into Intune as an MDM server.

I've followed all of the procedure here:

https://www.cisco.com/c/en/us/td/docs/security/ise/UEM-MDM-Server-Integration/b_MDM_UEM_Servers_CiscoISE/chapter.html

The certificates are trusted on both sides, but when I test the connection I get the following error:

 

Connection to server failed with:

Unrecognized field "requestId" (Class com.cisco.cpm.mdm.auto.discovery.MdmAzureDirectoryServiceErrorOdata), not marked as ignorable at [Source: java.io.StringReader@20d9ea84; line: 1, column: 152] (through reference chain: com.cisco.cpm.mdm.auto.discovery.MdmAzureDirectoryServiceErrorResponse["odata.error"]->com.cisco.cpm.mdm.auto.discovery.MdmAzureDirectoryServiceErrorOdata["requestId"])


Please try with different settings.

 

Packet capture shows one connection to the token URL, so I guess the token retrieval is ok, then another connection to the discovery URL https://graph.windows.net/<Tenant ID>.

We are running version 3.0 Patch 4.

 

Does anyone know how to resolve this?
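The exception quoted above is raised while deserializing an error body (the class names end in ErrorResponse and ErrorOdata), so the parse failure hides whatever error the discovery URL actually returned. The following is an added example, not part of the original post and not Cisco's code: it reproduces that effect on a constructed body and shows a tolerant parse that recovers the underlying code and message. The set of fields the strict parser accepts and all sample values are assumptions.

```python
import json

# Constructed sample in the shape of an Azure AD Graph error body.
# All values are placeholders, not data from the thread.
SAMPLE_BODY = json.dumps({
    "odata.error": {
        "code": "Example_Code",
        "message": {"lang": "en", "value": "example message (constructed)"},
        "requestId": "00000000-0000-0000-0000-000000000000",
        "date": "2000-01-01T00:00:00",
    }
})

# Assumption: the page only shows that "requestId" is unmapped.
ASSUMED_KNOWN_FIELDS = {"code", "message"}


class UnrecognizedField(ValueError):
    pass


def strict_parse(body, known=ASSUMED_KNOWN_FIELDS):
    """Mimic a deserializer that rejects any field it has no mapping for."""
    err = json.loads(body)["odata.error"]
    for name in err:
        if name not in known:
            raise UnrecognizedField(f'Unrecognized field "{name}" under "odata.error"')
    return err


def tolerant_parse(body):
    """Ignore unmapped fields and return what the service reported, or None."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    err = doc.get("odata.error") if isinstance(doc, dict) else None
    if not isinstance(err, dict):
        return None
    msg = err.get("message")
    if isinstance(msg, dict):
        msg = msg.get("value")
    return {"code": err.get("code"), "message": msg, "request_id": err.get("requestId")}


if __name__ == "__main__":
    try:
        strict_parse(SAMPLE_BODY)
    except UnrecognizedField as exc:
        print("strict parser:", exc)
    print("underlying error:", tolerant_parse(SAMPLE_BODY))
```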

30 Replies

Hi,

In my case the GUID wasn't configured OK in the SCEP profile. Just make sure that the Azure admin has configured the entry in the SCEP profile the same as in the guide.
You can turn on the GUID filter in the ISE Live Log tab -> when you are able to see the entry there, SCEP is configured OK.
We have been using ISE and MDM for the last 6 months and I am considering backing off from this solution.
It is pretty unstable...
BR
Danijel