Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11157
Views
8
Helpful
16
Replies

ISE Integration with Entra-joined Devices/Users

GregoryLeggett
Level 1
Level 1

‎04-05-2024 01:47 PM

My organization is working on migration path to Win11 (Entra joined), with hybrid user accounts. According to the below posting, it was mentioned that TEAP (EAP-TLS) is not supported for Computer authentication or EAP-Chaining.

Cisco ISE with Microsoft Active Directory, Azure AD, and Intune 

I have two questions about this;

  1. Is this a limitation of ISE or with Windows11 being Entra joined?  If ISE, could you please explain why EAP-Chaining and computer authentication are not supported?
  2. We are currently using TEAP to solve the "chick and egg" problem outlined in the below posting.  If TEAP cannot be used in an Entra joined environment, then what options are available to ensure that a user logging into a computer for the first time is able to build a user profile with certificate issuance, for user authentication?
    EAP-TEAP: First time user login/chicken & egg scenario 

@Greg Gibbs

0 Helpful
16 Replies 16

KelvinT
Level 1
Level 1
In response to Greg Gibbs

‎02-17-2025 10:40 AM

Thanks for the info Greg.

0 Helpful

hasitha siriwardhana
Level 1
Level 1

‎03-14-2025 06:33 AM

Hi ,

I am bit confused... if TEAP(EAP-TLS) and EAP-FAST(EAP-TLS) with EAP Chaining are supported for this Entra AD flow from ISE 3.2 patch 5 and ISE 3.3 patch 1 due to the fix implemented by bugID CSCwd34467 

Then what is the use case of Machine authentication function going to be release on ISE 3.5. Without ISE 3.5 can we use this ?

0 Helpful
Customers Also Viewed These Support Documents