I have the Microsoft Intune integration working properly, and I use SCEPman for EAP-TLS on the wireless without issue. I was able to get EAP-TLS to work for the wired side as well. I noticed that when I connect a device via Ethernet that is managed by Intune, I get 2 entries in the Endpoints database: one from Intune and a different one for the same device when it connects via Ethernet. Is there a way to have this as a single entry? I am asking because on the ArubaOS-CX switches, when I implement port-access on an interface, I try mac-auth first, then dot1x, and if the device is not a specific device I add the role of [other], which then enforces a Captive-Portal profile for guest, so that when a random device is plugged in they get sent to guest. What I am trying to avoid is when a corporate device is connected: I don't want them to get the Captive-Portal at all. The dot1x does authenticate, but not before the mac-auth happens, which sends them to Captive-Portal.
------------------------------
Chris Sunderland
------------------------------