Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Corporate Wi-Fi with CPPM & Azure AD

  • 1.  Corporate Wi-Fi with CPPM & Azure AD

    Posted May 16, 2018 02:25 PM

    Hi All,

     

    I'm looking for recommendations on how to utilise CPPM and Azure AD for corporate Wi-Fi managed devices.

     

    How have others set this up?

     

    I don't see onboarding as a valid option.

     

     



  • 2.  RE: Corporate Wi-Fi with CPPM & Azure AD

    EMPLOYEE
    Posted May 16, 2018 02:59 PM
    Onboard or Intune with ADCS.


  • 3.  RE: Corporate Wi-Fi with CPPM & Azure AD

    MVP EXPERT
    Posted Sep 11, 2019 04:43 PM

    Any progress on this topic?

     

    What about customers that don't have an on-premises AD and only have Azure AD with Intune? The customer doesn't want onboarding and wants EAP-TLS computer certificates, not user certificates.

     

    Are there any other options for using Azure as an authentication source?



  • 4.  RE: Corporate Wi-Fi with CPPM & Azure AD

    EMPLOYEE
    Posted Sep 12, 2019 11:45 AM

    Intune can issue machine certificates via ADCS.



  • 5.  RE: Corporate Wi-Fi with CPPM & Azure AD

    MVP EXPERT
    Posted Sep 12, 2019 12:53 PM

    Hi Tim,

     

    Many thanks for your reply.

     

    We know how to enroll computer certificates with Intune, and also how to fetch attributes from Azure and use them in ClearPass authorization. To do that we use the ClearPass extension "microsoft-intune".

     

    The only thing I don't understand is what will be used as the authentication source without having an on-premises AD or Onboarding.



  • 6.  RE: Corporate Wi-Fi with CPPM & Azure AD

    EMPLOYEE
    Posted Sep 12, 2019 01:18 PM

    There is no authentication source for certificate-based auth with AAD.



  • 7.  RE: Corporate Wi-Fi with CPPM & Azure AD

    MVP EXPERT
    Posted Sep 12, 2019 01:56 PM

    I am lost here... :)

     

    How can I create a ClearPass service without an authentication source?

     

    When I put it on local host and authenticate with an Intune device, the Access Tracker EAP-TLS request said "username host\laptop123 not found in local repository". When I put the hostname in the local user repository it succeeds.

     


     



  • 8.  RE: Corporate Wi-Fi with CPPM & Azure AD

    EMPLOYEE
    Posted Sep 12, 2019 02:26 PM

    You need to create an EAP-TLS method with authorization disabled.



  • 9.  RE: Corporate Wi-Fi with CPPM & Azure AD

    MVP EXPERT
    Posted Sep 12, 2019 02:46 PM

    That is great! Thanks a lot Tim!



  • 10.  RE: Corporate Wi-Fi with CPPM & Azure AD

    Posted Mar 31, 2020 05:02 PM

    Hi,

    Did you get this working? Can you share a copy of the Service configuration?

     

    Kind regards

    Raymond



  • 11.  RE: Corporate Wi-Fi with CPPM & Azure AD

    MVP EXPERT
    Posted Mar 31, 2020 05:23 PM

    Recently Mitchel posted an excellent YouTube series about ClearPass with Intune integration. You must see it!

     

    https://youtu.be/MlcrqTDDufU

     

    Hope this helps you.