Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass - Intune Compliance State -> Separate between configured policies

  • 1.  ClearPass - Intune Compliance State -> Separate between configured policies

    Posted Jun 14, 2021 06:11 AM
    Hi,

    Is there a way for devices administered by Microsoft Intune to separate between configured compliance policies configured in Intune?

    For now it seems the only option is to use:

    Endpoint: Intune Compliance State     state     EQUALS     compliant/InGracePeriod/noncompliant  
    or
    Authorization:InTune-AuthZ-source    msft_complianceState    EQUALS    True/False


    The administrators working with Intune have set up several "Policies".

    The issue is that I have no way of separating between them.

    Noncompliant clients are supposed to be on a different network than compliant clients, so if the status changes to noncompliant it should change the network until it is compliant and then get back to the correct network. This is a process that should be more or less real time.

    Is this something that can be achieved using ClearPass with Intune extension v5?

    I have gone through the guide and I find no information related to this.


    Any help would be greatly appreciated.


    ------------------------------
    Rikard Berg
    ------------------------------


  • 2.  RE: ClearPass - Intune Compliance State -> Separate between configured policies

    Posted Jun 14, 2021 01:13 PM
    Rikard,

    I don't think the Graph API returns this data when the extension is querying Intune for the endpoint data. If it was available, then the extension would be able to write it into the endpoint as a custom attribute, as it does with other data, which you could then reference in policy.

    ------------------------------
    Danny Jump
    "Passionate about CPPM"
    ------------------------------



  • 3.  RE: ClearPass - Intune Compliance State -> Separate between configured policies

    Posted Jun 16, 2021 05:21 AM
    Thanks Danny,

    Then I don't think using Compliance state in the rules is a sensible option if it can prevent users from accessing local resources due to compliance state updates being slow.

    ------------------------------
    Rikard Berg
    ------------------------------