
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and Intune device groups

  • 1.  ClearPass and Intune device groups

    Posted Feb 23, 2024 03:38 AM


    I've got a ClearPass 6.11.2 deployment using EAP-TLS for user and/or machine wireless authentication and authorisation.

    User and machine certificates are issued using SCEP and configuration profiles in Intune, but we have an issue with the first-time login user experience (especially on shared Windows devices).

    The default Intune device configuration is to use the machine certificate prior to login (so the device has network access), then once a user is logged in, it connects using the user certificate.

    This works fine if the user already has a certificate on that device.

    The issue is for first-time users on that device: the device has network access so a new user can log into the device using their Azure AD credentials; however, after login they drop off the network as there's no user certificate. We then need to connect to another network and sync with Azure AD to get user policy pushed to the device, including the user certificate.

    To resolve this poor user experience on shared devices, we thought of deploying an Intune network policy that connects as machine only, but would like to make policy decisions based on device group information.

    We are using the Intune v6 extension to get device attributes, but it doesn't include the groups the device is a member of.

    Is anyone aware of a method to get device group information from Intune?

  • 2.  RE: ClearPass and Intune device groups

    Posted Feb 23, 2024 03:46 AM