Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

802.1x Authentication with intune

  • 1.  802.1x Authentication with intune

    Posted Feb 17, 2023 05:00 AM

    Hi

    I'm trying to set up device authentication on a new Azure domain with devices enrolled in Intune. I have successfully set up the app to bring the devices into the Endpoint database; however, the issue I have is that our Intune is shared with other people and we aren't allowed to have all devices being synced. Is there a way to only bring down some devices from Intune?

    I've also tried setting up Intune as an authorization source over http, but it won't let me leave the authentication source empty. I've read I should be able to leave it empty, is this possible?

    Thanks



  • 2.  RE: 802.1x Authentication with intune

    EMPLOYEE
    Posted Feb 17, 2023 09:25 AM

    If you only have EAP-TLS and disabled Authorization in there, I think you can leave the authentication source empty.

    But another option is to put in the endpoint database, or admin user repository, which isn't an issue for EAP-TLS as these users will not be able to authenticate with a certificate.

    Using the Intune HTTP Authentication source may indeed get around the synchronization issue as it is a real-time lookup. I have not seen an option to filter the Intune Devices to be synchronized, and you could request that through your Partner or local Aruba SE who have access to Aruba Innovation Zone.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: 802.1x Authentication with intune

    Posted Feb 17, 2023 09:31 AM

    Thanks for your reply. I have tried removing the authentication source, but I just get the following message. I have tried it with authorization enabled and disabled. I have also tried setting Intune HTTP as an authentication source, but it is only supported as an authorization source, so I still need to select something for authentication.




  • 4.  RE: 802.1x Authentication with intune

    EMPLOYEE
    Posted Feb 17, 2023 10:00 AM

    You can add Endpoint Repository/Admin User/Local Users as authentication source to save the service. If you have authorization disabled, it doesn't really matter what you put in there, as long as it's accepted. Without Authorization in your EAP-TLS method, the authentication source is not really used.



    ------------------------------
    Herman Robers
    ------------------------------



  • 5.  RE: 802.1x Authentication with intune

    MVP
    Posted Feb 20, 2023 07:28 AM

    Ideally, with TLS an Authentication Source should not be required, BUT the default EAP-TLS Authentication Methods (at least in 6.10 and earlier) have the "Authorization Required" checkbox checked. That means there needs to be an authentication Source, which would also be used for authorization. The solution is to create a duplicate of the method you desire and uncheck that box.

    It is my personal opinion that ClearPass does not implement TLS as intended by the RFCs. CPPM uses the outer identity for authentication when the RFC says they should not do that, but use the certificate subject. It is possible to meet the RFC but that is not the default CPPM behavior.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------



  • 6.  RE: 802.1x Authentication with intune

    Posted Feb 27, 2023 10:27 AM

    I'm not sure if I'm doing something wrong. I'm creating an EAP-TLS connection with simple certificate selection and I still get the above issue. I have tried recreating the service from template, but this doesn't resolve it.




  • 7.  RE: 802.1x Authentication with intune

    MVP
    Posted Feb 27, 2023 11:22 AM

    The default EAP-TLS authentication method requires user authentication too. You can create a TLS authentication method with that unchecked. The RADIUS:IETF Username will be the Outer Identity unless you set an enforcement policy to change it.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University
    ------------------------------



  • 8.  RE: 802.1x Authentication with intune

    Posted Feb 28, 2023 04:37 AM

    How would I create a TLS authentication with no user authentication? However I try to do it, it always requests that I select a source. I've also tried setting an enforcement policy to set the username, but the connection still uses the hostname as the outer identity and then changes it to the name in the policy.




  • 9.  RE: 802.1x Authentication with intune

    EMPLOYEE
    Posted Feb 28, 2023 07:43 AM

    Think it's a slip of the keyboard. "User not found" is linked to the Authorization checkbox in your EAP-TLS Method:

    When Authorization is enabled, ClearPass will look up the username in the selected authentication source, and reject if it's not there. Normally with AD users you want to do that, but with Intune you have the DeviceID as authentication username, which is not available in AD. Therefore, disable Authorization in the Authentication method, then validate the user against the endpoint database or look up against the Intune Authorization Source to verify the user is still there.



    ------------------------------
    Herman Robers
    ------------------------------



  • 10.  RE: 802.1x Authentication with intune

    MVP
    Posted Feb 28, 2023 07:58 AM

    Here is what I am crafting in our Lab as a solution for TLS with eduroam. It has not yet been deployed into production. We are currently using Active Directory for Authorization.

    I made an Authentication Method for TLS Certificate Only. Notice the "Authorization Required" box is NOT checked.

    I had to make a custom Active Directory Authentication Source for Authorization using the Certificate Subject & User Principal Name instead of the outer identity & sAMAccountName.

    You must have any CAs involved in issuing the certificates in the Trust List trusted for EAP.

    In the service,

    • I set the condition RADIUS:IETF User-Name ENDS_WITH @[domain name]
    • checked the Authorization box.
    • Under Authentication, I just select the TLS Authentication method I created.
    • Under Authorization, I select the AD Authentication Source I created

    For Role Mapping, you can have rules like this:

    I also have rules such as Authorization:[your source]:Groups EQUALS Staff mapping to Staff CPPM Role

    In Enforcement, I have made a Reject Profile that sets the RADIUS:IETF User-Name to the Certificate Identity to aid in Access Tracker identification.

    We also add that Attribute to our other Enforcement Profiles so clients can be identified.

    I think I have mentioned everything here.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University
    ------------------------------
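The service Bruce describes above (a certificate-only TLS method with "Authorization Required" unchecked, the issuing CAs in the EAP trust list, an authorization source keyed on the certificate subject rather than the outer identity, role mapping on group membership, and the User-Name rewritten to the certificate identity in the enforcement profile) can be checked end to end as a small RADIUS-side policy model. The Go program below is an added example for this thread, not ClearPass code and not anything posted by the participants: it mints a throwaway CA and client certificates (a constructed test PKI), and `authorize` takes the identity from the verified certificate's Subject CN, which is the Intune DeviceID case from Herman's reply. The AD variant in Bruce's post would read the UPN from the certificate's SAN instead; this example does not decode that. The directory contents, group names and role names are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Decision is the outcome for one EAP-TLS attempt; UserName is what the
// enforcement profile writes into RADIUS:IETF User-Name.
type Decision struct {
	Accept   bool
	Role     string
	UserName string
	Reason   string
}

// Directory stands in for the authorization source (Endpoint Repository, Intune
// HTTP lookup or AD): certificate identity -> groups. Constructed data only.
type Directory map[string][]string

// roleMap holds rules of the form "Authorization:<source>:Groups EQUALS g -> role".
var roleMap = map[string]string{"Staff": "Staff", "Students": "Student", "Intune-Corp": "Corp-Device"}

// authorize models the service: the client cert must chain to a CA in the EAP
// trust list, the identity is taken from that verified cert (never from the
// client-chosen outer identity), and lookup plus role mapping use that identity.
func authorize(outerIdentity string, leafDER []byte, trustList *x509.CertPool, dir Directory) Decision {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return Decision{UserName: outerIdentity, Reason: "unparsable client certificate"}
	}
	opts := x509.VerifyOptions{Roots: trustList, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return Decision{UserName: outerIdentity, Reason: "not issued by a trusted EAP CA: " + err.Error()}
	}
	identity := leaf.Subject.CommonName // e.g. the Intune DeviceID; the outer identity is ignored
	groups, known := dir[identity]
	if !known {
		return Decision{UserName: identity, Reason: "certificate identity not in authorization source"}
	}
	for _, g := range groups {
		if role, ok := roleMap[g]; ok {
			return Decision{Accept: true, Role: role, UserName: identity, Reason: "Groups EQUALS " + g}
		}
	}
	return Decision{UserName: identity, Reason: "no role-mapping rule matched"}
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// mint generates a P-256 key and a certificate for cn signed by parent, or a
// self-signed CA when isCA is set. Throwaway test PKI, not a real CA.
func mint(serial int64, cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // EAP-TLS client cert
	}
	if isCA {
		t.KeyUsage, t.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

func main() {
	ca, caKey := mint(1, "Corp Issuing CA", true, nil, nil)
	trust := x509.NewCertPool()
	trust.AddCert(ca) // the EAP trust list
	dir := Directory{"a1b2c3d4-device": {"Intune-Corp"}}
	enrolled, _ := mint(2, "a1b2c3d4-device", false, ca, caKey)
	fmt.Printf("%+v\n", authorize("anonymous", enrolled.Raw, trust, dir))
	stray, _ := mint(3, "deadbeef-device", false, ca, caKey) // trusted CA, but not in the source
	fmt.Printf("%+v\n", authorize("a1b2c3d4-device", stray.Raw, trust, dir))
}
```

The second call in main is the case that matters for the "User not found" discussion: the client presents a perfectly valid certificate and even types an outer identity that does exist in the source, yet the lookup is keyed on the certificate's CN, so the supplied outer identity buys nothing. A certificate from a CA that is not in the trust list is rejected before any lookup happens, and the reject decision carries only the outer identity, which is all that is known at that point.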



  • 11.  RE: 802.1x Authentication with intune

    Posted Mar 01, 2023 09:28 AM

    This is great, thank you so much, it's the tick box in the authentication method that I was completely missing. I will have a proper look at what you've sent now, as I think it could be what I'm looking for. Thanks again.




  • 12.  RE: 802.1x Authentication with intune

    Posted 12 days ago

    Was this the solution for macOS/iOS devices as well? Was there any ClearPass and Intune integration required?




  • 13.  RE: 802.1x Authentication with intune

    MVP
    Posted 9 days ago

    The solution involves just RADIUS server processing, regardless of the client OS.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University
    ------------------------------



  • 14.  RE: 802.1x Authentication with intune

    Posted 8 days ago

    Yes, it works for both macOS and iOS. I had to use the ClearPass Intune Extension to bring the devices in: https://support.hpe.com/hpesc/public/docDisplay?docId=a00112290en_us