Security

Hello everyone,

We are new users of ClearPass and need help setting up certificate-based authentication using 802.1x for wired clients. Our current setup includes ClearPass version 6.12.3.303963 and the Microsoft Intune Extension 6.3.5.

The Intune Extension is already populating the Endpoint database with information, and our devices are correctly listed. Our goal is to check if a device is Intune compliant when it connects. To achieve this, we would like to compare certain attributes.

Is it possible to compare specific attributes?
We need to compare Input Attributes like "Certificate:Subject-CN" with for Example "Endpoints:Intune Azure AD Device Id". Ist this possible?

Is there perhaps a better approach to achieve our goal?

We appreciate any help and guidance!

Thank you in advance!

Best regards,
Marc

Hello everyone,

We are new users of ClearPass and need help setting up certificate-based authentication using 802.1x for wired clients. Our current setup includes ClearPass version 6.12.3.303963 and the Microsoft Intune Extension 6.3.5.

The Intune Extension is already populating the Endpoint database with information, and our devices are correctly listed. Our goal is to check if a device is Intune compliant when it connects. To achieve this, we would like to compare certain attributes.

Is it possible to compare specific attributes?
We need to compare Input Attributes like "Certificate:Subject-CN" with for Example "Endpoints:Intune Azure AD Device Id". Ist this possible?

Is there perhaps a better approach to achieve our goal?

We appreciate any help and guidance!

Thank you in advance!

Best regards,
Marc

Hi Marc.

You can always test your role mapping or enforcement policies with Simulation.  You can compare two attributes.

Best, Gorazd

Hello everyone,

We are new users of ClearPass and need help setting up certificate-based authentication using 802.1x for wired clients. Our current setup includes ClearPass version 6.12.3.303963 and the Microsoft Intune Extension 6.3.5.

The Intune Extension is already populating the Endpoint database with information, and our devices are correctly listed. Our goal is to check if a device is Intune compliant when it connects. To achieve this, we would like to compare certain attributes.

Is it possible to compare specific attributes?
We need to compare Input Attributes like "Certificate:Subject-CN" with for Example "Endpoints:Intune Azure AD Device Id". Ist this possible?

Is there perhaps a better approach to achieve our goal?

We appreciate any help and guidance!

Thank you in advance!

Best regards,
Marc

Hi Marc.

You can always test your role mapping or enforcement policies with Simulation.  You can compare two attributes.

Best, Gorazd

Hello everyone,

We are new users of ClearPass and need help setting up certificate-based authentication using 802.1x for wired clients. Our current setup includes ClearPass version 6.12.3.303963 and the Microsoft Intune Extension 6.3.5.

The Intune Extension is already populating the Endpoint database with information, and our devices are correctly listed. Our goal is to check if a device is Intune compliant when it connects. To achieve this, we would like to compare certain attributes.

Is it possible to compare specific attributes?
We need to compare Input Attributes like "Certificate:Subject-CN" with for Example "Endpoints:Intune Azure AD Device Id". Ist this possible?

Is there perhaps a better approach to achieve our goal?

We appreciate any help and guidance!

Thank you in advance!

Best regards,
Marc

Original Message:
Sent: Dec 19, 2024 03:20 AM
From: GorazdKikelj
Subject: Comparing different Endpoint Attributes for 802.1x Authentication - ClearPass 6.12.3 and Intune Extension 6.3.5

Hi Marc.

You can always test your role mapping or enforcement policies with Simulation.  You can compare two attributes.

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Guru 2024

Original Message:
Sent: Dec 16, 2024 09:33 AM
From: emzed
Subject: Comparing different Endpoint Attributes for 802.1x Authentication - ClearPass 6.12.3 and Intune Extension 6.3.5

Hello everyone,

We are new users of ClearPass and need help setting up certificate-based authentication using 802.1x for wired clients. Our current setup includes ClearPass version 6.12.3.303963 and the Microsoft Intune Extension 6.3.5.

The Intune Extension is already populating the Endpoint database with information, and our devices are correctly listed. Our goal is to check if a device is Intune compliant when it connects. To achieve this, we would like to compare certain attributes.

Is it possible to compare specific attributes?
We need to compare Input Attributes like "Certificate:Subject-CN" with for Example "Endpoints:Intune Azure AD Device Id". Ist this possible?

Is there perhaps a better approach to achieve our goal?

We appreciate any help and guidance!

Thank you in advance!

Best regards,
Marc

Yeah, DeviceId will be the best option to match on - we found the following links really good as we started the process of certificates and Intune; 

https://www.arubanetworks.com/techdocs/NAC/clearpass/integrations/unified-endpoint-management/intune/#appendix-e--scep-certificate-configuration-profile

https://community.arubanetworks.com/viewdocument/atmosphere23-belgium-brussels-202?CommunityKey=07affbbb-b455-4b3e-be10-01880637640c&tab=librarydocuments

(about the six one down on AzureAD and Intune by Herman Robers)

Hope that helps,

Original Message:
Sent: Dec 19, 2024 07:28 AM
From: emzed
Subject: Comparing different Endpoint Attributes for 802.1x Authentication - ClearPass 6.12.3 and Intune Extension 6.3.5

Original Message:
Sent: Dec 19, 2024 03:20 AM
From: GorazdKikelj
Subject: Comparing different Endpoint Attributes for 802.1x Authentication - ClearPass 6.12.3 and Intune Extension 6.3.5

Hi Marc.

You can always test your role mapping or enforcement policies with Simulation.  You can compare two attributes.

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Guru 2024

Original Message:
Sent: Dec 16, 2024 09:33 AM
From: emzed
Subject: Comparing different Endpoint Attributes for 802.1x Authentication - ClearPass 6.12.3 and Intune Extension 6.3.5

Hello everyone,

We are new users of ClearPass and need help setting up certificate-based authentication using 802.1x for wired clients. Our current setup includes ClearPass version 6.12.3.303963 and the Microsoft Intune Extension 6.3.5.

The Intune Extension is already populating the Endpoint database with information, and our devices are correctly listed. Our goal is to check if a device is Intune compliant when it connects. To achieve this, we would like to compare certain attributes.

Is it possible to compare specific attributes?
We need to compare Input Attributes like "Certificate:Subject-CN" with for Example "Endpoints:Intune Azure AD Device Id". Ist this possible?

Is there perhaps a better approach to achieve our goal?

We appreciate any help and guidance!

Thank you in advance!

Best regards,
Marc