Security

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------

You can use PacketFence's Intune SCEP integration by itself, I helped patch it for the MS Graph API a few months ago. PacketFence is a whole RADIUS server but you don't need to touch the RADIUS bits to use its CA. Also AGPL is a lot cheaper than Onboard licensing ...
Original Message:
Sent: Jan 17, 2023 04:44 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------

The official support of Intune SCEP is coming 'shortly'.
Original Message:
Sent: Jan 17, 2023 04:44 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------

The current extension ID now points to a 1.1.0 version that removes the deprecated API.  You no longer need the AD Graph permission.  Docs and a formal public release coming soon.
Original Message:
Sent: Jan 18, 2023 03:31 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The official support of Intune SCEP is coming 'shortly'.
Original Message:
Sent: Jan 17, 2023 04:44 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------

Garth,

thanks for your reply. Didn't expect such a quick response, really appreciate that. At first glance, version 1.1.0 works fine for us!

------------------------------
Thanks
Daniel
------------------------------

Original Message:
Sent: Jan 18, 2023 04:33 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The current extension ID now points to a 1.1.0 version that removes the deprecated API.  You no longer need the AD Graph permission.  Docs and a formal public release coming soon.
Original Message:
Sent: Jan 18, 2023 03:31 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The official support of Intune SCEP is coming 'shortly'.
Original Message:
Sent: Jan 17, 2023 04:44 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------

Great to hear.  Feel free to tag me with any feedback.  Do you use it in conjunction with the Intune inventory extension for policy?
Original Message:
Sent: Jan 19, 2023 10:29 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

Garth,

thanks for your reply. Didn't expect such a quick response, really appreciate that. At first glance, version 1.1.0 works fine for us!

------------------------------
Thanks
Daniel

Original Message:
Sent: Jan 18, 2023 04:33 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The current extension ID now points to a 1.1.0 version that removes the deprecated API.  You no longer need the AD Graph permission.  Docs and a formal public release coming soon.
Original Message:
Sent: Jan 18, 2023 03:31 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The official support of Intune SCEP is coming 'shortly'.
Original Message:
Sent: Jan 17, 2023 04:44 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------

I like to share some experiences we made so far with the current extension. At this point, we do not use the inventory extension yet but we plan to.

We noticed that at least for iOS devices Intune will request two certificates which will lead to two times more licenses (OnBoard) beeing used. But it seems that this is a known/expected behaviour of Intune and we have to deal with this via Script/API.

We also noticed, that the extension shuts down unexpectedly sometimes without any errors logged. We have to further investigate on that.

Looking forward to the formal public release of this!

------------------------------
Thanks
Daniel
------------------------------

Original Message:
Sent: Jan 19, 2023 11:32 AM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

Great to hear.  Feel free to tag me with any feedback.  Do you use it in conjunction with the Intune inventory extension for policy?
Original Message:
Sent: Jan 19, 2023 10:29 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

Garth,

thanks for your reply. Didn't expect such a quick response, really appreciate that. At first glance, version 1.1.0 works fine for us!

------------------------------
Thanks
Daniel

Original Message:
Sent: Jan 18, 2023 04:33 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The current extension ID now points to a 1.1.0 version that removes the deprecated API.  You no longer need the AD Graph permission.  Docs and a formal public release coming soon.
Original Message:
Sent: Jan 18, 2023 03:31 PM
From: gbenedict
Subject: Microsoft Intune SCEP Extension

The official support of Intune SCEP is coming 'shortly'.
Original Message:
Sent: Jan 17, 2023 04:44 AM
From: djanssen
Subject: Microsoft Intune SCEP Extension

We are planning to roll out device certificates through the Intune SCEP Extension for Onboard Enrollment according to this technote: https://www.arubanetworks.com/techdocs/ClearPass/TechNotes/Extensions-Intune-Onboard/Default.htm
Unfortunately, the Intune SCEP extension relies on the deprecated Azure Active Directory Graph API, which will be shut down after June 30, 2023. Are there any plans to migrate the extension to the Microsoft Graph API soon? Or would it be wise to go for another workflow?

------------------------------
Thanks
Daniel
------------------------------