I'm on a way deploying ISE 2.4 to our infrastructure. Dot1x with EAP-TLS is already deployed. Everything is deployed in Azure. Important thing to know is the fact that we DO NOT have Classic AD. Only Azure AD so no group policies are available. ISE acts as CA and certificates are being issued ove Certificate provisioning portal on per-user basis. Solution itself works fine however we're looking for some automatization because we want to make more than 1k users for EAP-TLS instead of MS-CHAPv2. It is not a best idea to enforce each user to generate certificate manually.
That's why we're looking for solution which will help as to generate and distribute client certificates. We have plans to connect MS Intune as MDM solution for device posturement. Might be we can utilize Intune for certificate distribution.... I haven't found any documentation so far.
Many thanks for your answer or suggestions!
Solved! Go to Solution.