Solved: Intune - MDM

jim.thomas · ‎06-08-2020

This question is more of an architecture question. Intune integration has been working fine with no issues. However, looking at this closer, I'm seeing that the PAN's cert is uploaded/trusted by the OATH app on the Azure-side of the connection. This infers that if the PAN is rebooted or goes down and the secondary PAN is NOT in auto-failover mode, the MDM interrogation will fail. Is that correct? In other words, we cannot have the PSN interrogate Intune, only the active PAN?

saxenanitesh8522 · ‎06-08-2020

Hi,

There was document with regards to the same:-

Step 1: Download/export ISE PAN certificate (only one cert incase of wild card cert, both
primary PAN and secondary PAN cert incase of CA signed public certificates)

https://community.cisco.com/t5/security-documents/how-to-integrate-microsoft-intune-with-ise-2-1-presentation/ta-p/3619502 --> page 18.

Now the certificate which is exported is wildcard or ca signed.

View solution in original post

saxenanitesh8522 · ‎06-08-2020

Hi,

There was document with regards to the same:-

Step 1: Download/export ISE PAN certificate (only one cert incase of wild card cert, both
primary PAN and secondary PAN cert incase of CA signed public certificates)

https://community.cisco.com/t5/security-documents/how-to-integrate-microsoft-intune-with-ise-2-1-presentation/ta-p/3619502 --> page 18.

Now the certificate which is exported is wildcard or ca signed.