Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
1
Helpful
4
Replies

ISE Integration with Intune MDM

ndahemmy
Level 1
Level 1

‎11-28-2024 05:59 AM

Hello,

We intend to integrate ISE with with Microsoft Intune MDM. all of documentation i have seen, You have to register ISE as an application in Azure AD and use certificates for authentication. I have two questions in my mind if anyone has an answer kindly share.

Q1. Is it possibkle to use shared key or password instead of certificates ? thinking certificates expires am trying to think other alternatives.

Q2. Is it possible to integrate ISE in Intune itself instead of creating ISE as an application in Azure AD then the app use API to talk with ISE ?

 

 

Thank you

0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎11-28-2024 06:42 AM - edited ‎11-28-2024 06:43 AM

@ndahemmy 

 Q1- not sure about the PSK but certificate is always the best option.

And you can define how long a certificate last. Althouth the good practice is not too long period

Q2- These are the supported MDM on cisco doc

Supported Unified Endpoint Management and Mobile Device Management Servers

Supported MDM servers include products from the following vendors:

  • Absolute

  • Blackberry - BES

  • Blackberry - Good Secure EMM

  • Cisco Meraki Systems Manager

  • Citrix XenMobile 10.x (On-prem)

  • Globo

  • IBM MaaS360

  • Ivanti (previously MobileIron UEM), core and cloud UEM services

 

0 Helpful

ndahemmy
Level 1
Level 1
In response to Flavio Miranda

‎11-28-2024 11:23 AM

You didn't include Intune in supported MDM though it is supported as per below document

https://www.cisco.com/c/en/us/td/docs/security/ise/UEM-MDM-Server-Integration/b_MDM_UEM_Servers_CiscoISE.pdf 

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to ndahemmy

‎11-28-2024 11:31 AM

Sorry. Probably is the doc version. 

• Cisco Meraki Systems Manager
• Ivanti (previously MobileIron UEM) core and cloud UEM services
• Microsoft Endpoint Manager Intune
• JAMF Casper Suite
• VMware Workspace ONE (previously AirWatch)

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎11-28-2024 01:17 PM

A1. No. If you want to use the GUID method, it requires using a certificate with the properly formatted GUID string. The other option is using the MAC address for performing the registration/compliance lookup against Intune, but that has other issues (docks, dongles, randomized MAC Addresses, etc).

A2. Entra ID is the identity store behind Intune and they are tightly coupled. Creating the App Registration in Entra ID provides the Service Principal that is needed to interact with Intune. This is how is works on the MS side and is not specific to ISE.

Customers Also Viewed These Support Documents