Security

  • 1.  Clearpass http Auth Intune attributes

    Posted Feb 13, 2025 04:23 AM

    I am trying to pull in attributes when a wired connection is made. 

    I have set up the HTTP request with the following information.

    I am using the attributes below.

    When the client connects, I am getting the following alert.

    I have the Intune extension working and pulling endpoints into the local endpoint database, so I know the extension is working.

    I have tried changing the base URL to http://172.17.0.2 but still get the same error.

    Any assistance would be greatly appreciated.



  • 2.  RE: Clearpass http Auth Intune attributes

    Posted Feb 13, 2025 04:35 AM

    Please check the IP address that's assigned to your extension, if that's 172.17.0.2.

    But probably the real issue is in the %{Certificate:Subject-AltName-URI}. Do you have an EAP-TLS (or TEAP) authentication, where in the client certificate SAN-URL you have the Intune device ID?

    Check in Access Tracker / Input / Computed Attributes if you have the Subject-AltName-URI there; then check if the (Intune) DeviceId is there, either as a single plain field similar to the Subject-AltName-DNS in the screenshot below, or, if you are on the most recent Intune extension version, as "DeviceId:<deviceid-uuid>" in the Subject-AltName-URI, as in the following screenshot:

    The error that you see suggests that there is no SAN-URI at all in the client certificate, or you don't even use EAP-TLS/TEAP with client certificates.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass http Auth Intune attributes

    Posted Feb 13, 2025 04:53 AM

    I am using EAP-TLS and the Subject-AltName-URI is showing.

    In the URI it could be displaying the AAD_Device_ID and not the DeviceID.

    Should this field be showing the DeviceID in the same format you have above?




  • 4.  RE: Clearpass http Auth Intune attributes

    Posted Feb 13, 2025 11:09 AM

    Did you follow the instructions from https://arubanetworking.hpe.com/techdocs/NAC/clearpass/integrations/unified-endpoint-management/intune/? Specifically the part about strong mapping?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Clearpass http Auth Intune attributes

    Posted Feb 13, 2025 02:15 PM

    There are two device IDs that can be configured from Intune: {DeviceId} which is the Intune Device ID, and {AAD_Device_ID}, which is the Entra ID Device ID. Both are different, and for Intune queries you need the {DeviceId}; for Entra ID queries you would need the {AAD_Device_ID}. For most flexibility, make sure both are available so you can check Intune and Entra ID where needed.

    The documentation that Carson referred to has a lot of information on how to configure this.



    ------------------------------
    Herman Robers
    ------------------------------
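
Added example, not part of the thread and not ClearPass or extension code: a Python check over SAN-URI values copied from Access Tracker that reports whether a tagged "DeviceId:<uuid>" entry is present for the Intune query, and flags a bare UUID because the string alone does not say whether it is the Intune or the Entra ID device ID. Only the "DeviceId:" form comes from the posts above; the UUIDs and the "AAD_Device_ID:" tag in the sample are constructed assumptions.

```python
import re

# Tag named in the thread for the Intune Device ID inside the SAN-URI.
INTUNE_TAG = "DeviceId"
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)
TAGGED_RE = re.compile(r"^(?P<tag>[A-Za-z_][A-Za-z0-9_]*):(?P<value>.+)$")


def classify_san_uris(san_uris):
    """Sort SAN-URI entries into tagged IDs, ambiguous bare UUIDs, and the rest."""
    result = {"intune_device_id": None, "other_tagged": {},
              "ambiguous": [], "ignored": []}
    for raw in san_uris:
        entry = raw.strip()
        if UUID_RE.fullmatch(entry):
            # Bare UUID: could be either device ID, so it is only flagged.
            result["ambiguous"].append(entry.lower())
            continue
        m = TAGGED_RE.match(entry)
        if m and UUID_RE.fullmatch(m["value"].strip()):
            value = m["value"].strip().lower()
            if m["tag"] == INTUNE_TAG:
                result["intune_device_id"] = value
            else:
                result["other_tagged"][m["tag"]] = value
        else:
            result["ignored"].append(entry)
    return result


def intune_lookup_ready(san_uris):
    """True only when a tagged Intune DeviceId is present in the SAN-URI list."""
    return classify_san_uris(san_uris)["intune_device_id"] is not None


# Constructed sample values (not from the thread).
BOTH_IDS = ["DeviceId:11111111-2222-3333-4444-555555555555",
            "AAD_Device_ID:AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"]  # assumed tag form
ENTRA_ONLY = ["AAD_Device_ID:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"]
BARE_UUID = ["11111111-2222-3333-4444-555555555555"]

if __name__ == "__main__":
    for name, sample in (("both", BOTH_IDS), ("entra only", ENTRA_ONLY),
                         ("bare", BARE_UUID), ("no SAN-URI", [])):
        print(name, intune_lookup_ready(sample), classify_san_uris(sample))
```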