Cloud Managed Networks

I'm migrating from away from a older Cisco with radius and NPS environment to Aruba Central and Clearpass. To get things going I was thinking about using Central with our Aruba AP515s and integrate this with our current NPS/radius server. This will serve as a replacement of what we currently have in place. This will use one of our existing SSIDs. Correct me if I'm wrong on this? Can someone confirm that I do not need clearpass at this point in time for this type of setup?

Later on I want to integrate with intune. For this set up I will need Clearpass. To simplify things, I thought about creating a new second SSID will aruba clearpass and integrate with intune to handle our pcs that we will slowly integrating into intune. 

I'll basically have two SSID handling authentication. One with aruba central which will handle all of internally domain joined PCs and a second SSID with aruba clearpass that will all of our Azure AD /intune joined PCs.

After we migrated all our pcs into intune I can turn off the SSID on central that's handling internal radius functions. 

Does this sound right?

It depends a bit on what you are returning on attributes on your NPS. If it is just 'Access-Accept', I'd give this approach a good chance. If you return more complex things like ACLs, Captive Portal, you might need to change the NPS to return the Aruba equivalents. But good point is that you can easily test with a single AP and make the modifications before you move over to the AP515s.

One point of attention might be that if it is just a single SSID where you will go to 2 SSIDs during the migration, it probably will not be such an issue. If you have 4 SSIDs and go to 8 during migration, the amount of beacons can consume a significant amount of your 'airtime'. Search for SSID overhead calculator to get some more bac