Security

Couple questions in the regards of CPPM and Intune extension.

Sysinfo: CPPM 6.7.9, cluster of two nodes. Using intune extension v4.0.0.

1) Any special considerations needed when deploying in a cluster?

For now I ran all commands following the latest guides on the publisher, I assume this is the way, but a bit unsure in terms of the extension IP.

2) Having the extension installed and added as an authorization source for the standard 802.1x CPPM service causes logins every so often to timeout.

Access tracker reveals:

Failed to get value for attributes=[OS Family].
Session failed for Host=http://172.17.0.2, Reason=[get::<easy_perform>, (error=56) Failure when receiving data from the peer].
[MS Intune Auth Source] - authorization took 30 secs

Whenever the timeout doesn't happen I can see the gathered intune attributes.

Nopes, thought it was enough that the publisher node had the extension running. Setting it up on both nodes seem to have resolved it.

Should I be using the same IP on boths nodes of the cluster or choose a new one for the subscriber?

I want to echo BobC's question.  I have 7 subscribers that I need to configure for the Intune extension (publisher is already configured).  Do I use all of the same Azure information for the entire cluster (tenantID, ClientID, and clientSecret), as well as the same IP address?  Based on sharing a single auth source it would make sense that all 8 CPPM servers would use the same IP address.

The entire configuration should be the same on every node, including the extension IP.

Thanks Tim, our cluster configuration for Intune is complete.