04-25-2024 01:33 AM
Hi all,
I read the following URL, posted by Greg:
https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-azure-ad-and-intune/ta-p/4763635
Great document with lots of detailed information!
I have an additional question about this.
Is the following scenario also possible?
1 device certificate with the following attributes
CN=UPN username@xxxx.onmicrosoft.com
SAN URI=GUID
And place this certificate in the Computer Certificate Store, and use 802.1x Computer Authentication
Certificate profile is configured to use the CN (UPN)
I think this scenario is not described; the summary also does not have this scenario.
What I want to achieve with only 1 Device certificate:
Authentication via EAP-TLS in ISE, Based on 802.1x Computer Authentication
Use the SAN URI for the compliancy check in MS Intune
Use the CN for User Group retrieval and other attributes from Entra ID
Thanks in advance,
Martin
04-30-2024 06:12 PM
Hi @mverbon
Isn't this more of an Azure type of question? In other words, how to use Azure to onboard Windows PC and provision certs and supplicants on Windows OS?
05-05-2024 06:34 PM - edited 05-05-2024 06:34 PM
It sounds like you are wanting to create a Computer certificate template with User attribute values (like UPN) in Intune and push that to the Computer certificate store on the managed device. You would then have the device configured for Computer auth and have ISE authorize the session based on User attributes found in the Computer cert.
I can think of multiple concerns with this scenario, the biggest being the fact that Windows Configuration Profiles for certificates in Intune have a setting for 'Device' versus 'User'. A Device certificate profile will not allow you to specify User attribute (like the UPN) values. This setting would define which certificate store the cert will be deployed to on the device, so I don't think what you want to do is possible from an Intune perspective.