Security

ClearPass Team,

 

Please find enclosed information and details related to ClearPass and Microsoft Intune integration. In this updated TechNote read how to setup and configure ClearPass Policy Manager and Microsoft Intune Cloud-based MDM.

 

In this release, we have enhanced the integration to simplify the process of collecting the necessary data from Microsoft to complete the configuration. Additionally, within this release of the extension we have added support for a new Intune attribute – Ownership. This has been requested by a number of customers and MSFT finally delivered this very recently. With this new endpoint context, we now have the ability to understand and differentiate how Intune understands a managed device, i.e. a Corporately owned device vs a Personal [BYOD] device.

 

You can find the document on the support site located herehttps://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=25353

  

 

Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted. 

 

 

 

Good read, thanks for this updated technote release.

Several questions:

 

What destinations is our ClearPass cluster required to reach?

I found the following destinations buried in an old Aruba presentation:

Is this it? or is there other location rules that should be added?

extensions.clearpassbeta.com

*.docker.io

*.cloudfront.net

 

In the instruction on page 8:

Next click on ‘API Guest Operator’ and select ‘Duplicate’. ClearPass will copy the profile and call it ‘API
Guest Operator (2)’. Now edit and rename it to be ‘API Extension Profile’.

 

There is no API Guest Operator profile present in our vanilia system install to duplicate. What is the correct profile to duplicate or listing of all profile settings needed to create a new profile.

 

Thanks

 

Hello, 

 

The ClearPass InTune Integration Guide v3.0 isn't complete anymore. At least that is what I noticed when following the steps. One additional step should be added. After setting the required permissions under the app registration on page 19 you have to click “Grant Permissions” (see attachment).

 

If you don't do this, ClearPass will not be able to fetch attributes from InTune.

 

When following the v3 tech-note guide, be careful when copy and pasting the XML Authorization Source on page 29. On page 27 the filter query is written out correctly. On page 29, although it looks correct, when you copy and paste it into XML the last hyphen (between Address and NoDelim) is missing. Do a “search” in the doc and you’ll see you only get 1 match for this: ?macAddress=%{Connection:Client-Mac-Address-NoDelim} when it appears to be in the doc twice.

 

?macAddress=%{Connection:Client-Mac-Address-NoDelim} = Correct format from page 27.

?macAddress=%{Connection:Client-Mac-AddressNoDelim} = Incorrect format from page 29 after copy and paste.

Do you know if there is any plans for a supported End Point Context Server för Intune. In regards to microsoft's rapid development in Intune it would be nice if there was a supported, easy to use way to integrate with Intune. We are not in a situation where we can run and manage an integration via rest API. Today we have an integration with JAMF and we really like the simplicity to have a easy to use, and supported, way to manage this integration.

The Intune integration does use the REST API.

Well, I understand that this solution uses rest API after reding the Intune integration PDF.
But does your answer mean that this is the only solution there will be, and i shouldn't expect in the near future see Microsoft Intune as a as a Server Type choise (like Airwatch, Mobile Iron ... )  when I try to create a new Endpoint Context Server?

Correct. It uses a different integration type called an Extension. Why does the integration method matter?

The integration type itself doesn't matter, but what's matter is who can give us support for an integration based in APIs that we as a customer have configured.
Microsoft has quite alot of upgrades and what hapends if the integration doesn't work after an Intune upgrade, who should/can we call?
And maybe the most important thing, how quickly will this kind of problem be solwed? Every authentication request will, if i understand this right, go up to Intune Cloud, not to a local DB in ClearPass like it does in the JAMF integration and what i have read also in a MobileIron integration solution. This meens that this kind of integration with Intune will be very time critical.

Very Helpful, we are currently migrating to Intune from our current MDM, will test it out. Thanks

Hello!

Could you please share actual link (on ASP website) for this documentation?

As far as I can see, there is still no option to integrate Microsoft Intune as a choice of server type (eg Airwatch, Mobile Iron...), correct?

------------------------------
Pavlo Semenenko
------------------------------

Original Message:
Sent: May 23, 2017 06:21 PM
From: Danny Jump
Subject: UPDATED TechNote V3: ClearPass and Microsoft Intune Extension Integration

ClearPass Team,

 

Please find enclosed information and details related to ClearPass and Microsoft Intune integration. In this updated TechNote read how to setup and configure ClearPass Policy Manager and Microsoft Intune Cloud-based MDM.

 

In this release, we have enhanced the integration to simplify the process of collecting the necessary data from Microsoft to complete the configuration. Additionally, within this release of the extension we have added support for a new Intune attribute – Ownership. This has been requested by a number of customers and MSFT finally delivered this very recently. With this new endpoint context, we now have the ability to understand and differentiate how Intune understands a managed device, i.e. a Corporately owned device vs a Personal [BYOD] device.

 

You can find the document on the support site located herehttps://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=25353

  

 

Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted. 

 

 

 

Intune integration is delivered as an extension. Integration tech note is available on ASP and here:
https://support.hpe.com/hpesc/public/docDisplay?docId=a00112290en_us

------------------------------
Mathew George
------------------------------

Original Message:
Sent: Feb 07, 2022 01:12 PM
From: Pavlo Semenenko
Subject: UPDATED TechNote V3: ClearPass and Microsoft Intune Extension Integration

Hello!

Could you please share actual link (on ASP website) for this documentation?

As far as I can see, there is still no option to integrate Microsoft Intune as a choice of server type (eg Airwatch, Mobile Iron...), correct?

------------------------------
Pavlo Semenenko

Original Message:
Sent: May 23, 2017 06:21 PM
From: Danny Jump
Subject: UPDATED TechNote V3: ClearPass and Microsoft Intune Extension Integration

ClearPass Team,

 

Please find enclosed information and details related to ClearPass and Microsoft Intune integration. In this updated TechNote read how to setup and configure ClearPass Policy Manager and Microsoft Intune Cloud-based MDM.

 

In this release, we have enhanced the integration to simplify the process of collecting the necessary data from Microsoft to complete the configuration. Additionally, within this release of the extension we have added support for a new Intune attribute – Ownership. This has been requested by a number of customers and MSFT finally delivered this very recently. With this new endpoint context, we now have the ability to understand and differentiate how Intune understands a managed device, i.e. a Corporately owned device vs a Personal [BYOD] device.

 

You can find the document on the support site located herehttps://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=25353

  

 

Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted.