Solved: Re: ISE to Intune MDM

craiglebutt · ‎03-16-2021

Trying to setup Intune with ISE,

Certs installed and have all usage enable just to test

Baltimore

FEF.msub05.manage.microsoft.com

DigiCert Global Root

DigiCert SHA2 Secure

Doesn't matter what combination I tick , just get

MDM Server API error
Connection Failed to the MDM server: There is a problem with the server Certificates or ISE trust store.

Removed all the config and tried again, still got the same.

Ran a Wireshark but couldn't see where the fault is.

Any ideas?

thomas · ‎03-17-2021

Try adding the certificate DigiCert Global Root G2 from https://www.digicert.com/kb/digicert-root-certificates.htm to the ISE Trusted Certificates.

Microsoft updated the GraphAPI service just before ISE 3.0 was released and you need that cert for connecting to Azure AD to use their GraphAPI. Intune may use the same.

View solution in original post

craiglebutt · ‎03-17-2021

Hi Thomas

I found that yesterday and tried it, didn't work.

But I uploaded the Cert, so just added the PEM file, now it works

Cheers

View solution in original post

balaji.bandi · ‎03-16-2021

try this thread :

https://community.cisco.com/t5/network-access-control/ise-mdm-integration-with-azure-intune/m-p/2977707

integrate document for reference :

https://community.cisco.com/t5/security-documents/how-to-integrate-cisco-ise-mdm-with-microsoft-intune/ta-p/4187375

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

craiglebutt · ‎03-16-2021

Looked at them before posting on forum.
2nd link
Seems to be one of the latest documents
Seems to be missing the part about exporting the cert from PAN, also the links
No certs under https://graph.windows.netand https://fef.msuc05.manage.microsoft.com/

Following Integrate Cisco ISE with Intune - Intune | Microsoft Docs as well

thomas · ‎03-17-2021