Solved: ISE authentication and authorization for Microsoft Azure AutoPilot

mannycho · ‎04-09-2024

Hello

I have a couple of questions about ISE and Azure.

1.) What ISE external identity source integration works with Microsoft Azure so I can authenticate endpoints / computers that use Azure AutoPilot

2. How do I automatically get certificates on thousands of computers that are not members of a domain? (GPO won't work here)

3. If I want ISE to perform machine and user authentication and authorization for computers and users that are not members of AD domain, but are using Azure autopilot, how can I achieve that?

Thanks

Greg Gibbs · ‎04-09-2024

The current available options for Authentication and/or Authorisation of Users/Devices against Entra ID are discussed in this post:
https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-azure-ad-and-intune/ta-p/4763635

Certificates for Entra Joined endpoints would need to be enrolled using Intune. This would happen as part of the Autopilot process and ISE would have no control over this process.

View solution in original post

Greg Gibbs · ‎04-09-2024

The current available options for Authentication and/or Authorisation of Users/Devices against Entra ID are discussed in this post:
https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-azure-ad-and-intune/ta-p/4763635

Certificates for Entra Joined endpoints would need to be enrolled using Intune. This would happen as part of the Autopilot process and ISE would have no control over this process.

mannycho · ‎04-12-2024

Thanks Greg,

The link was very helpful. What is the acceptable latency for radius authentication from the endpoints connected network access devices to ISE when hosted in Azure?