Has anyone else had issues with ISE instances authenticating to Microsoft Intune for external MDM checks starting 7/26? I have a TAC case open but no clear resolution yet. We did notice Microsoft posted a change notice for July 26, and that is exactly when our integration stopped working reliably:
https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#app-only-tokens-for-single-tenant-applications-are-only-issued-if-the-client-app-exists-in-the-resource-tenant
I haven't yet fully parsed all this, but it looks like potentially the API ISE uses for queries has changed its permissions requirements within Azure AD, so I'm posting this to the community since this could affect other ISE installs.
Basically the symptoms are the ISE event logs are full of "401 Unauthorized" error messages and the external MDM report is showing that the API is not pulling any endpoint data. Is anyone else that uses Intune seeing similar behavior?