Contributor II

CPPM Extensions Intune Integration V3.0

Hi,

I need some help with how to use Intune as an authorization source. I was asked to implement ClearPass at a customer. They use MSFT Azure and Intune for a majority of their devices but still have a generic MSFT AD infrastructure too.

Side note: I'm new to Intune and Azure. I stopped administrating MSFT AD at W2003 and never heard of Intune or Azure before this project. The deadline is pretty steep too (delivery end of this week), but I have found a workaround which is less secure.

I got the integration working, following the Technote Extensions Intune Integration V3.0 written by Danny Jump. I see communication in the API logs and the Intune admin confirmed seeing communication too, so I'm guessing that I did it right. I fail to use the Intune Authentication in my enforcement policy though.

I'm doing dot1x (wired and wireless), use the AD for user authentication (tips role equals [user authenticated]) and want to check if the computer is Intune managed or the owner is the organisation or something similar, to make a difference in enforcing a company-owned or a BYOD device that was set for 802.1X. Like you would check for tips role equals [machine authenticated] in a generic AD.

The Windows authentication tab is set for user or computer authentication, so I see the Dot1x requests in the Access Tracker.

Using the attributes created as per the technote fails. The next valid enforcement rule is successfully enforced.

Is there another document specifying what the attributes are and what else is out there (like a RADIUS dictionary)? I cannot find it on Airheads or the web.

Is there a way to check if an attribute is picked up and what the value would be? It's not showing in the Access Tracker (since the enforcement rule is skipped).

Wouldn't some of these attribute datatypes need to be Boolean since they are true or false (like msft_isManaged)?

Does anyone have some pointers where to go next?

Thanks, Erik

Guru Elite

Re: CPPM Extensions Intune Integration V3.0

Put the extension into debug mode and then take a look at the logs (GET /extension/instance/{id}/log).

Regarding the attributes, the data types shown in the technote are correct.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Moderator

Re: CPPM Extensions Intune Integration V3.0

When a user authN's, what do you see on the INPUT tab under authorization?

Here, if you define the HTTP authZ correctly, you will see the returned values from Intune.


Best Regards
-d

ClearPass Product Manager
