Hi All,
Starting Oct 2024, Microsoft will release a feature that will enable customers to turn on the Strong Mapping feature from Intune which will allow them to add Security Identifier attribute in the SAN field of the client certificates. Starting Jan 2025, the Strong Mapping adoption will be enforced on the overall windows ecosystem after which the key distribution system (KDC) will check if certificates have the security identifier during certificate-based authentications. Any such certificates which do not have the security identifier will fail the certificate-based authentications. More information is available to learn at
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-implementing-strong-mapping-in-microsoft-intune/ba-p/4053376
https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16
We are pleased to announce the availability of Intune extension version 6.3.2 with support for Strong Mapping lookup.
More information related to Strong Mapping support is documented under the ‘What’s new in ClearPass Intune Extension v6.3.2, Configuring ClearPass Policy Manager as an HTTP AuthZ source and Appendix E section of the technote.
Customers who choose to use the Strong Mapping feature between Oct, 2024 and Jan, 2025 it is necessary that they upgrade the extension to this version. Starting Jan, 2025 Strong Mapping will not be optional and will be mandated by Microsoft for all certificate-based authentication making the upgrade non-optional. For customers using ClearPass Onboard as the certificate CA to issue certificates for Intune managed clients it does not require any update or configuration change on the Intune SCEP extension to support the Strong Mapping feature.
We are also pleased to announce the soft launch of our new online publishing site https://www.arubanetworks.com/techdocs/NAC/. We are in process of moving the information that has been in https://www.arubanetworks.com/clearpassdocs to this new site. During the cut-over we will be maintaining the links in the Airheads community pages to point to the new locations as documents are moved. When we are complete, we will then redirect the clearpassdocs to the new location.
Best Regards,
The ClearPass Team