Intune - MDM

jim.thomas
Level 1

This question is more of an architecture question. Intune integration has been working fine with no issues. However, looking at this closer, I'm seeing that the PAN's cert is uploaded/trusted by the OATH app on the Azure side of the connection. This infers that if the PAN is rebooted or goes down and the secondary PAN is NOT in auto-failover mode, the MDM interrogation will fail. Is that correct? In other words, we cannot have the PSN interrogate Intune, only the active PAN?

Accepted Solution

Hi,

There was a document with regards to the same:

Step 1: Download/export ISE PAN certificate (only one cert in case of wildcard cert, both primary PAN and secondary PAN cert in case of CA-signed public certificates)

https://community.cisco.com/t5/security-documents/how-to-integrate-microsoft-intune-with-ise-2-1-presentation/ta-p/3619502 --> page 18.

Now the certificate which is exported is wildcard or CA signed.

5 Replies

anilraj_003
Level 1

I have a similar kind of problem, whereas we replaced the PAN admin cert and my MS Intune broke; none of the PSNs detected the Intune integration attribute, and in the RADIUS log it is claiming MDM server retries in the PIP query. Meanwhile, the new cert was also uploaded beforehand on the MS Intune side as well. In PAN the Intune test is fine, but none of the endpoints are querying our Intune. As a result, all endpoints moved to the guest network and we had a big outage.

anilraj_003
Level 1

As for the solution given earlier by someone, I am not able to open that URL. By the way, I am using ISE 3.2 patch 7. If anyone has any ideas, please let me know. Thanks.

The link referenced below is from 5 years ago and is no longer current. The following guide is the most current documentation on integration with Intune.
https://www.cisco.com/c/en/us/td/docs/security/ise/UEM-MDM-Server-Integration/b_MDM_UEM_Servers_CiscoISE/m_integrate-microsoft-endpoint-manager-intune.html

If your PAN and PSNs use different Admin certificates (have different thumbprints), they all need to be added to the App Registration used for the Intune integration.

If you have confirmed that has been done and are still having issues, you should open a TAC case to investigate further.
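A quick way to verify the point above, as an added example that is not from this thread or Cisco's documentation: export each ISE node's Admin certificate as PEM, copy the thumbprints listed under the App Registration's Certificates & secrets, and check that every node's SHA-1 thumbprint is present. The node names, PEM bodies and registered list below are constructed placeholders.

```python
import base64
import hashlib
import re


def _fake_pem(label: str) -> str:
    """Constructed placeholder PEM block (not a real X.509 certificate).
    A thumbprint is the SHA-1 of the DER bytes, so the check behaves the
    same on real exports."""
    der = hashlib.sha256(label.encode()).digest() * 4
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed: Admin certificate per ISE node (hypothetical node names).
NODE_CERTS = {
    "ise-pan-1": _fake_pem("pan1"),
    "ise-pan-2": _fake_pem("pan2"),
    "ise-psn-1": _fake_pem("psn1"),
    "ise-psn-2": _fake_pem("pan1"),  # shares the PAN cert, e.g. a wildcard
}


def thumbprint(pem: str) -> str:
    """SHA-1 thumbprint of the first CERTIFICATE block in a PEM string,
    as upper-case hex without separators (the Azure portal's format)."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()))
    return hashlib.sha1(der).hexdigest().upper()


def missing_from_app_registration(node_certs, registered):
    """Return {node: thumbprint} for nodes whose Admin cert thumbprint is
    not in the App Registration. Accepts colon-separated or plain hex."""
    reg = {t.replace(":", "").upper() for t in registered}
    return {node: tp for node, pem in node_certs.items()
            if (tp := thumbprint(pem)) not in reg}


# Constructed: only the primary PAN's cert was registered, which is the
# situation that breaks MDM lookups from the other nodes.
REGISTERED = [thumbprint(NODE_CERTS["ise-pan-1"])]

if __name__ == "__main__":
    for node, tp in missing_from_app_registration(NODE_CERTS, REGISTERED).items():
        print(f"{node}: thumbprint {tp} is not in the App Registration")
```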

anilraj_003
Level 1

Hello Gibbs,

Here our story is a bit different. After replacing the admin certificate on the PAN, the MDM connections for the PSNs stopped working, with most of them showing “MDM Server unreachable”; some PSNs are working fine with partial endpoints, and some of the endpoints are still unreachable for the PIP MDM query.

A TAC case has already been opened and Cisco is unable to provide an RCA for why it happened. They simply say to delete the endpoint and it will re-catch the MDM attribute. That is not a good approach. Currently it is still a case with the Cisco BU team.