ClearPass and Intune Integration assistance
06-13-2019 06:46 PM
I have a customer who wishes to integrate ClearPass with Microsoft Intune. There are two requirements:
1 - ClearPass will put a mobile device in a limited access VLAN/user role if 'non-compliant' as reported by Intune.
2 - When a new device which has never been onboarded connects to the network, it must be presented with instructions on how to be enrolled with Intune. When they have successfully onboarded and the Wireless Profiles are pushed down, they are free to use the corporate SSID.
My questions are:
1 - What kind of access should the device be granted if Intune reports a non-compliant status? Internet Only? Or none, and redirected to a URL that tells them they are non-compliant? What is best practice here?
2 - What is the most seamless way to get a new device enrolled in Intune so they can access the corporate SSID?
Thanks in advance,
Re: ClearPass and Intune Integration assistance
06-14-2019 09:50 AM
For the non-compliant devices, it makes sense to redirect them to a web page that provides them instructions. This can be a page hosted on ClearPass itself. So you can choose to provide them only http/https access to ClearPass. However, if they need access to Intune to become compliant, it might be a good idea to allow that too.
For new devices, we can have a separate role / captive portal redirection that gives them onboarding instructions. We could allow whatever access is needed to onboard the device as well.