If there is 'significant delays' with querying Intune, they should be able to at least tell you if that is expected performance or not and even check to find where the delay is. If that's in Intune, there is not so much that TAC can do, if it's in ClearPass or the extension, they may.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Oct 12, 2023 04:25 AM
From: ehab.boshra@tenzing.de
Subject: ClearPass - Intune Extension - Periodic Sync VS. HTTP Realtime
I opened a case already and waiting for the engineer
But Iam not quite sure if TAC will support the intune behavior
Viele Grüße aus Lübeck Ehab Boshra | Netzwerktechnik
|
tenzing - Dr. Müller & Partner GmbH IT-Solutions
|
Hutmacherring 6, 23556 Lübeck |
Tel.: | (+49) 451 8730035 |
Fax: | (+49) 451 8730029 |
Mobil: | (+49) 1703725035 |
E-Mail: | ehab.boshra@tenzing.de |
Web: | https://tenzing.de |
Amtsgericht Lübeck | HRB 5627 Geschäftsführer: Björn Meyer & Gunnar Petersen
|
Original Message:
Sent: 10/12/2023 4:22:00 AM
From: Herman Robers
Subject: RE: ClearPass - Intune Extension - Periodic Sync VS. HTTP Realtime
I see the point, but I don't think there are 'conditional Authorization sources'; ClearPass can query multiple authentication sources in parallel or no specific order, and it will just try all of them.
For this use-case you may open an idea in the Aruba Innovation Zone to see if there are more customers running into the same issue. BTW, if you have significant delays with the real-time lookups, where for me everything under a second would not really be significant for the purpose, then it's good to open a TAC case to investigate why that happens.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Oct 11, 2023 08:12 AM
From: JSheehy13
Subject: ClearPass - Intune Extension - Periodic Sync VS. HTTP Realtime
Thank you Herman for this info! Is there a way that ClearPass can "pick and choose" which method to use based upon availability of the MAC Address in the database. For example if we have a surface hub that doesn't send the proper MAC Address to Intune....or interms of randomized mac.
SO if MAC not found...use realtime lookup....or if MAC present from periodic sync...do not use Realtime lookup?
Let me know if that makes sense.
Thanks!
Original Message:
Sent: Oct 11, 2023 07:53 AM
From: Herman Robers
Subject: ClearPass - Intune Extension - Periodic Sync VS. HTTP Realtime
The 'trick' is to use the Intune Device ID and you can still use the synchronized data from the endpoint database and would not need realtime.
The ClearPass, Azure AD, and Intune presentation from Atmosphere Local can help you to get some better view and the pro/cons for HTTP Realtime vs synchronized.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Oct 09, 2023 04:40 PM
From: JSheehy13
Subject: ClearPass - Intune Extension - Periodic Sync VS. HTTP Realtime
Hi everyone - So my company has been using the intune clearpass extension v6 on our network. We are currently have periodic sync enabled, and we are using HTTP realtime authorizations. We are noticing that there is a great deal of latency to connect to Office 365\Intune to query device info.
We also have to account for random MAC Addresses and for device that do not pass MAC Addresses to Intune. So I was told that periodic sync cannot be used without HTTP realtime auth.
Does anyone have a best practices document outside of the normal configuration? For example, should we have multiple AzureAD app registrations for our various clearpass nodes.