
ISE integration with MS Intune

russell.sage
Level 3

My customer wants to move away from on-premises AD for wireless authentication and is looking to integrate ISE with MS Intune, their MDM solution. Their future IT policy is for all Corporate devices to be managed by MS Intune, which in turn is integrated with Azure AD.

So currently Corporate wireless users have an AD issued certificate that ISE uses, via a certificate profile using the subject alternative name field, to do an AD lookup.

My question is: if we integrate ISE with Intune, the users' Corporate laptops are registered in Intune, and they attempt to connect to wireless, what attribute of the end device, other than the MAC address, can ISE obtain and send to Intune for confirmation of registration? I have read the following: https://community.cisco.com/t5/security-documents/how-to-integrate-cisco-ise-mdm-with-microsoft-intune/ta-p/4187375

From reading this document I am still unclear how this would work.

2 Accepted Solutions

Prior to ISE 3.1, the MDM API (v1/v2) only uses the MAC address as identity to query the MDM server. ISE 3.1 enhances the MDM API (v3) with the ability to use a unique device GUID to query the MDM server. The MDM vendors, however, need to update their integration to leverage the v3 API (which it appears that Intune has done). See the following links for more information.

Handle Random and Changing MAC Addresses With Mobile Device Management Servers 

Integrate MDM and UEM Servers with Cisco ISE - Configure Microsoft Endpoint Manager Intune 


This is really useful information. Many thanks. I have gone back to my customer for their views.


4 Replies

balaji.bandi
Hall of Fame

I am relatively clear on integrating ISE with MS Intune - my question is trying to understand the user authentication process.

User with device registered on MS Intune walks into Corporate office and wants to connect to Corporate Wifi. He connected to the Corporate SSID. 

What happens next? What device attribute does ISE send to MS-Intune in order for Intune to verify the device is registered? Is it the MAC address of the device?
