Hi all, i'm looking at Central for a brand new deployement. It's not easy to find good documentation about use case and feature. It's why i ask you a little help.
The goal is to fully manage with cloud console, nothing on prem except some device (AP, switch, gateway). Also, many AP will be at home office (teleworking).
All endpoints are fully Microsoft 365, including Microsoft Intune. Windows 10 PC are already manage by Intune policy. Device and users authenticate against Microsoft service (Azure AD) with MFA enable and some conditionnal access policies. There is no legacy Active directory neither traditionnal LDAP server !
For the main office, we will deploy a new security gateway and some AP.
We want to do some NAC or 802.1x auth to permit only corporate device on corporate network.
We also want remote connect with VPN to main office to target some old legacy system.
We want authentifcation for VPN AND the authorization for NAC or 802.1x to be the Microsoft Account, either by asking Intune if PC is compliant/recognized or by asking for user authentification (depending on policy), and working with Microsoft MFA enable on that account.
Bottom line : we want Microsoft 365/Azure service be the only auth provider.
So, here is the assumption :
a) Will be able to manage AP, Switch, security gateway directly from Central
b) the use of Clear Pass is mandatory to be able to build NAC policy
But ...
Question :
1) Does Clearpass can be subscribe 'as a service' in Central ? We dont want to deploy a server on Prem, and preferly not manage a virtual appliance
1b) if it can be 'included' in central, how is it licensed ? by number of users ?
2) i saw some video about intune integration. Does Clearpass can simply check if devices are compliant/recognized in intune to give access to Network (either VPN or wired or wifi) ?
3) Would some elements be possible even without clearpass ? May we bind security gateway directly with Azure AD as a provider to challenge authentication ?
Thanks all for your comments and suggestion.