Security

 View Only
  • 1.  CPPM & MS Intune extension for device compliance

    Posted Oct 22, 2020 01:36 PM

    Hello all,

     

    We are in the process of evaluating CPPM integration with MS Intune, I am referencing the latest extension technote (ClearPass_Integration-Guide_Microsoft-Intune_v2018-04.pdf). 

     

    I am curious about the compliance attribute, msft_complianceState attribute that is returned by Intune.  Is this a True/False attribute or do the values map to the Intune Device Compliance Policy State as shown below.

     

    Are there any other options for determining different levels of compliance?

     

    Thanks!

     

    • Compliant: The device successfully applied one or more device compliance policy settings.

    • In-grace period: The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This means the device is not-compliant, but it's in the grace-period defined by the admin.

    • Not evaluated: An initial state for newly enrolled devices. Other possible reasons for this state include:

      • Devices that aren't assigned a compliance policy and don't have a trigger to check for compliance
      • Devices that haven't checked in since the compliance policy was last updated
      • Devices not associated to a specific user, such as:
        • iOS/iPadOS devices purchased through Apple's Device Enrollment Program (DEP) that don't have user affinity
        • Android kiosk or Android Enterprise dedicated devices
      • Devices enrolled with a device enrollment manager (DEM) account
    • Not-compliant: The device failed to apply one or more device compliance policy settings. Or, the user hasn't complied with the policies.

    • Device not synced: The device failed to report its device compliance policy status because one of the following reasons:

      • Unknown: The device is offline or failed to communicate with Intune or Azure AD for other reasons.

      • Error: The device failed to communicate with Intune and Azure AD, and received an error message with the reason.



  • 2.  RE: CPPM & MS Intune extension for device compliance

    Posted Oct 22, 2020 02:48 PM

    Did you see the ABC network channel on youtube with a step-by-step ClearPass Intune integration.

     

    https://www.youtube.com/watch?v=MlcrqTDDufU&list=PLsYGHuNuBZcYvFJgP9SF8uusi3uFj1kDB

     

    Maybe your intrested in this video's.

     



  • 3.  RE: CPPM & MS Intune extension for device compliance

    Posted Oct 22, 2020 08:23 PM

    It is not just "true/false" attribute. We use the code value that is supplied from Microsoft. It's just not the same display value that is in their UI.



  • 4.  RE: CPPM & MS Intune extension for device compliance

    Posted Oct 23, 2020 10:26 AM

    Fantastic!  Are you able to share or point me in the direction of the code mappings?  Any documentation available? 

     

    Thanks!



  • 5.  RE: CPPM & MS Intune extension for device compliance
    Best Answer

    Posted Oct 23, 2020 10:28 AM
    New MS Intune integration with CPPM guide by Jump
    https://support.hpe.com/hpesc/public/docDisplay?docId=a00106086en_us

    Sent from Mail for Windows 10


  • 6.  RE: CPPM & MS Intune extension for device compliance

    Posted Oct 23, 2020 12:56 PM

    Perfect!!  Thanks again!



  • 7.  RE: CPPM & MS Intune extension for device compliance

    Posted Oct 23, 2020 06:50 PM

    Please review the Intune Guide Victor linked above carfully, the new V5 of the InTune extension released October 1st has many changes compared to the previous versions, but it delivers MANY new features and IMO significantly more functionality.