Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Intune Integration

  • 1.  ClearPass Intune Integration

    Posted Feb 18, 2022 05:43 AM
    Hi All,

    We're getting lots of the following messages in the intune logs:

    [WARN] Intune - The device "deviceName" (AzureDeviceID} does not have a MAC Address. Unable to process it.

    The users device appears in the endpoint repo but with no Intune details.

    This doesn't occur for every user. Any ideas?

    ------------------------------
    James Whitehead
    ------------------------------


  • 2.  RE: ClearPass Intune Integration

    Posted Feb 19, 2022 11:39 AM
    Make sure MAC Randomization is disabled.

    Also, we've had issues when the device was loaded into Intune from a different network adapter such as a wired docking station.


  • 3.  RE: ClearPass Intune Integration

    Posted Feb 23, 2022 01:08 PM
    Unless I'm mistaken this appears to be due to Intune not, since October, storing Android Wi-Fi MAC address details. I'm only seeing the issue on Android devices.

    Sauce: https://docs.microsoft.com/en-us/mem/intune/remote-actions/device-inventory
    NOTE: As of October 2021, Intune doesn't display Wi-Fi MAC addresses for newly enrolled personally-owned work profile devices and devices managed with device administrator running Android 9 and above.

    The ClearPass intune extension needs a MAC address of the intune device so it can store the devices' intune details in the endpoint repo.

    ------------------------------
    James Whitehead
    ------------------------------



  • 4.  RE: ClearPass Intune Integration

    Posted Feb 24, 2022 09:09 AM
    It would be nice if we could send the DeviceID from the certificate CN rather than the MAC address. 
    The extension looks up the device by the AzureID anyway, but references by MAC address. 

    Not sure if changing the filter query would work. 

    Upvote the Feature request, I've got plenty of use cases for this too. 
    https://innovate.arubanetworks.com/ideas/SEC-I-1781


  • 5.  RE: ClearPass Intune Integration

    Posted Feb 24, 2022 10:46 AM
    I thought that too and tried it out.

    [2022-02-24T15:39:37.396] [WARN] Intune - No endpoint with the MAC Address bdb303f7-a377-4d1e-99c9-76517775aea3 was found in ClearPass.
    
    Will upvote the feature request.

    ------------------------------
    James Whitehead
    ------------------------------



  • 6.  RE: ClearPass Intune Integration

    Posted Feb 25, 2022 08:00 AM
    Hi,

    If you want to use Intune Id instead of MAC in your Intune HTTP Authentication source, you have to edit "Base URL" to "http://{extension IP}/device/info/id/" and in the filter use appropriate variable, matching "Intune ID" value (Not Azure ID value).
    Example:


    ------------------------------
    Kestutis Virsilas
    ------------------------------



  • 7.  RE: ClearPass Intune Integration

    Posted Feb 25, 2022 09:00 AM
    Yeah, I managed to work that out and I've got it set up so that the Intune HTTP Source base URL includes the additional /id/.

    I'm trying to use the Certificate CN which, in my case, is the Intune ID, but it doesn't work. The extension logs show the Intune ID as undefined.

    [datetime] [INFO] Intune - [/device/info/id/:intuneId] request received from ::ffff:172.17.0.1.
    [datetime] [DEBUG] Intune - Request "GET '/endpoint'" took 90 ms.
    [datetime] [WARN] Intune - No endpoint with the Intune ID undefined was found in ClearPass.



    ------------------------------
    James Whitehead
    ------------------------------
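    The three kinds of warning quoted in this thread (no MAC stored in Intune, a lookup by MAC that receives a device ID, and an Intune ID that arrives as "undefined") each point at a different fix, and reply 2's MAC-randomization point can also be read off a lookup failure when the MAC that was passed is locally administered. The following script, an added example that is not code from this thread, from HPE Aruba or from the Intune extension, triages a constructed sample of such log lines into those cases. The message formats are copied from the lines quoted above; the sample log, the category names and the tolerant handling of the unbalanced bracket in the first message are my own assumptions.

```python
"""Triage of ClearPass Intune extension log lines (added example, not extension code).

Message formats follow the lines quoted in this thread; the sample log,
the category names and the advice strings are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log, modelled on the messages quoted in the thread.
# Timestamps, device names and identifiers are made up.
SAMPLE_LOG = """\
[2022-02-18T05:40:01.120] [WARN] Intune - The device "android-bob" (0f0e0d0c-0b0a-4908-8706-050403020100) does not have a MAC Address. Unable to process it.
[2022-02-24T15:39:37.396] [WARN] Intune - No endpoint with the MAC Address 11111111-2222-4333-8444-555555555555 was found in ClearPass.
[2022-02-25T09:00:12.004] [WARN] Intune - No endpoint with the Intune ID undefined was found in ClearPass.
[2022-02-25T09:01:44.310] [WARN] Intune - No endpoint with the MAC Address 6a1b2c3d4e5f was found in ClearPass.
[2022-02-25T09:01:50.000] [WARN] Intune - No endpoint with the MAC Address 00:11:22:33:44:55 was found in ClearPass.
[2022-02-25T09:02:10.000] [INFO] Intune - [/device/info/id/:intuneId] request received from ::ffff:172.17.0.1.
"""

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]?){5}[0-9a-f]{2}$", re.I)

# The quoted message closes the device id with "}" rather than ")"; accept either (assumption).
NO_MAC_RE = re.compile(r'The device "(?P<name>[^"]*)" \((?P<id>[^)}]*)[)}] does not have a MAC Address')
MAC_LOOKUP_RE = re.compile(r"No endpoint with the MAC Address (?P<value>\S+) was found")
ID_LOOKUP_RE = re.compile(r"No endpoint with the Intune ID (?P<value>\S+) was found")


@dataclass
class Finding:
    category: str   # hypothetical category name chosen for this example
    value: str      # identifier or MAC taken from the log line
    advice: str     # what to check, per the discussion in the thread


def is_locally_administered(mac: str) -> bool:
    """True if bit 1 of the first octet is set: a locally administered (e.g. randomized) MAC."""
    digits = re.sub(r"[:-]", "", mac)
    return bool(int(digits[:2], 16) & 0x02)


def classify_line(line: str) -> Optional[Finding]:
    """Map one extension log line to a Finding, or None for lines that need no action."""
    m = NO_MAC_RE.search(line)
    if m:
        return Finding("no_wifi_mac_in_intune", m.group("id"),
                       "Intune holds no Wi-Fi MAC for this device, so a MAC-keyed sync cannot work.")
    m = MAC_LOOKUP_RE.search(line)
    if m:
        value = m.group("value")
        if GUID_RE.match(value):
            return Finding("guid_sent_to_mac_lookup", value,
                           "A device ID reached the MAC lookup; base URL should end in /device/info/id/.")
        if MAC_RE.match(value) and is_locally_administered(value):
            return Finding("randomized_mac", value,
                           "Locally administered MAC; check that MAC randomization is disabled.")
        return Finding("mac_not_in_endpoint_repo", value,
                       "Globally unique MAC with no endpoint record; device may have enrolled on another adapter.")
    m = ID_LOOKUP_RE.search(line)
    if m:
        value = m.group("value")
        if value == "undefined":
            return Finding("intune_id_not_passed", value,
                           "The :intuneId parameter was empty; the filter variable did not resolve.")
        return Finding("intune_id_not_found", value,
                       "ID reached the lookup but matched nothing; confirm it is the Intune ID, not the AAD Device ID.")
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (classify_line(line) for line in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:26} {f.value:38} {f.advice}")
    print(summarize(results))
```

Run it against a copy of the extension log instead of SAMPLE_LOG to get counts per category; a large "guid_sent_to_mac_lookup" count means the HTTP source is still on the MAC path, while "intune_id_not_passed" means the filter variable itself is empty rather than mismatched.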



  • 8.  RE: ClearPass Intune Integration

    Posted Feb 25, 2022 09:23 AM
    Try to double check whether your Certificate CN really is the "Intune ID" attribute.
    According to Feature request description: "Subject name format: CN={{AAD_Device_ID}}", I think this will be "Azure AD Device ID" value.

    Each Intune device has both these attributes, "Intune ID" and "Intune Azure AD Device ID". Both attributes are in similar format:

    For Intune Extension to work, you have to use "Intune ID" as the variable. It will not work with the "Intune Azure AD Device ID" attribute.

    ------------------------------
    Kestutis Virsilas
    ------------------------------



  • 9.  RE: ClearPass Intune Integration

    Posted Feb 25, 2022 10:12 AM
    It's definitely the Intune ID. NOTE that this device doesn't sync to the Endpoint repo as it has no Wi-Fi MAC address in Intune.



    ------------------------------
    James Whitehead
    ------------------------------



  • 10.  RE: ClearPass Intune Integration

    Posted Apr 28, 2022 02:39 PM

    I'm seeing the same issue on CPPM 6.9.7 and Intune 5.0.0.

    We have HTTP Source pointing to http://172.17.0.2/device/info/id/ and passing the {{AAD_Device_ID}} via %{Certificate:Subject-CN}.

    Intune extension fails to assign the parameter to :intuneId and shows "undefined".

    So I set up a dummy http server to see what was being passed and it seems to be passing the ID correctly.



    ------------------------------
    Nicholas Hickman
    ------------------------------



  • 11.  RE: ClearPass Intune Integration

    Posted Apr 29, 2022 09:57 AM
    I don't think you can use the AAD ID, you have to use the Intune ID.
    Pass the Intune Device ID with {{DeviceId}} in either the CN or the SANs.
    You could also possibly use L={{DeviceId}} and update the lookup to use the Location on the certificate if you were already using the SAN fields and needed the AAD Device ID as the CN.

    After talking with the folks at Atmosphere there should be some news in the near future, but in the meantime, changing to http://<IP>/device/info/id/ and using the Intune Device ID is the way, and not the AAD Device ID.



  • 12.  RE: ClearPass Intune Integration

    Posted May 09, 2022 02:07 PM