Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass 6.11 Azure AD API - Fetching device attributes

This thread has been viewed 27 times
  • 1.  Clearpass 6.11 Azure AD API - Fetching device attributes

    Posted Aug 28, 2023 02:27 PM

    Hello,

    i'm trying to fetch device authorization attributes with the Azure AD as source. I already configured the Azure Authentication Source and added it as additional authorization sources to my service.

    I'm using the following filter (Certificate:Subject-CN equals the AAD_Device_ID). The query works in Microsoft Graph Explorer.

    devices/?$select=id,isCompliant&$filter=deviceId%{Certificate:Subject-CN} /devices/{id}/memberOf?select=displayName

    Are device queries not supported yet - and if not will it be supported in further versions?

    Best Regards,

    Julian



  • 2.  RE: Clearpass 6.11 Azure AD API - Fetching device attributes

    Posted Sep 04, 2023 05:26 AM

    The ClearPass Azure AD Authorization Source only supports user attributes today. You can check/ask Aruba Innovation zone for a feature request.

    You can get device attributes through Intune (with extension), in most of the cases.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass 6.11 Azure AD API - Fetching device attributes

    MVP
    Posted Sep 07, 2023 10:16 AM

    When using the Intune extension, is there a filter to restrict the incoming devices?

    Our intune has almost 70K devices (due to O365 for students) but we really only manage about 6K devices.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 4.  RE: Clearpass 6.11 Azure AD API - Fetching device attributes

    EMPLOYEE
    Posted Sep 07, 2023 11:30 AM

    There are filters to restrict / watch specific attributes but not to restrict devices / endpoints.




  • 5.  RE: Clearpass 6.11 Azure AD API - Fetching device attributes

    MVP
    Posted Sep 07, 2023 11:33 AM

    Thank you @mattAruba. It's been a while sonce we worked together on a TAC case.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 6.  RE: Clearpass 6.11 Azure AD API - Fetching device attributes

    EMPLOYEE
    Posted Sep 13, 2023 03:31 PM

    no news is good news when it comes to TAC :)