Intune integration issues in the last week

packetplumber9
Level 1

Has anyone else had issues with ISE instances authenticating to Microsoft Intune for external MDM checks starting 7/26? I have a TAC case open but no clear resolution yet. We did notice Microsoft posted a change notice for July 26, and that is exactly when our integration stopped working reliably:

 https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#app-only-tokens-for-single-tenant-applications-are-only-issued-if-the-client-app-exists-in-the-resource-tenant

 

I haven't yet fully parsed all this, but it looks like potentially the API ISE uses for queries has changed its permissions requirements within Azure AD, so I'm posting this to the community since this could affect other ISE installs.

 

Basically, the symptoms are that the ISE event logs are full of "401 Unauthorized" error messages and the external MDM report is showing that the API is not pulling any endpoint data. Is anyone else that uses Intune seeing similar behavior?

1 Reply

Nidhi
Cisco Employee

Yes, we are aware of the changes by MS, and there is a known issue where the auto-discovery URL would not accept a .com address.

Can you share the TAC case with me so that I can understand if there are more such changes?

Thanks,

Nidhi