Android devices in Intune all have the same MAC 02:00:00:00:00:00

  • 1.  Android devices in Intune all have the same MAC 02:00:00:00:00:00

    Posted May 25, 2022 07:55 AM
    Hi all

    I have a customer who has CPPM making an API call to Intune and sucking in all the endpoint data to the endpoint database. Using this, his laptops can all auth using EAP-TLS while also checking a couple of Intune attributes before receiving an allow-all rule or an internet-only rule depending on what is in Intune.

    Android devices, however, auth with EAP-TLS happily but fail as they all present the same MAC address, 02:00:00:00:00:00. So when ClearPass looks it up in the endpoint database, it's viewing completely the wrong device. Intune's sync seems to import a different device every time it syncs.

    Any ideas how I can resolve this?



  • 2.  RE: Android devices in Intune all have the same MAC 02:00:00:00:00:00

    Posted May 25, 2022 11:56 PM
    What sort of enrolment are the Android devices using? Since October 2021:
    Intune will no longer display a Wi-Fi MAC address for newly enrolled personally-owned work profile devices and devices managed with device administrator running Android 9 and above.
    https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#removal-of-wi-fi-mac-address-on-specific-android-enterprise-devices

    ------------------------------
    James Andrewartha
    ------------------------------



  • 3.  RE: Android devices in Intune all have the same MAC 02:00:00:00:00:00

    Posted May 26, 2022 01:27 AM
    Also have a look in the graph explorer and see what MAC address is returned for those devices - for my newly enrolled personally-owned work profile device it has "wiFiMacAddress": null and "wifiMac": null (don't ask me why Intune reports it twice).

    https://developer.microsoft.com/en-us/graph/graph-explorer with this Query URL https://graph.microsoft.com/beta/deviceManagement/managedDevices/{Intune Device ID}

    I had a look and couldn't find my recently-enrolled personally-owned work profile device in the endpoint database, but I did find an older one which has multiple MAC addresses since it has per-SSID MAC address privacy enabled.

    ------------------------------
    James Andrewartha
    ------------------------------
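
To see how many devices are affected before changing policy, the check described in this thread can be run over an export of the Graph `managedDevices` response. This is an added example, not code from the posters, Microsoft or Aruba: the sample records are constructed, the `id`, `deviceName` and `operatingSystem` fields are assumed to be present alongside `wiFiMacAddress`, and the verdict labels are hypothetical.

```python
import json
import re
from collections import Counter

PLACEHOLDER = "020000000000"  # the 02:00:00:00:00:00 value from this thread

# Constructed sample shaped like a Graph managedDevices list response;
# ids, names and MACs are made up for illustration.
SAMPLE = json.loads("""
{"value": [
 {"id": "dev-1", "deviceName": "laptop-01", "operatingSystem": "Windows", "wiFiMacAddress": "3C5282A1B2C3"},
 {"id": "dev-2", "deviceName": "android-01", "operatingSystem": "Android", "wiFiMacAddress": "02:00:00:00:00:00"},
 {"id": "dev-3", "deviceName": "android-02", "operatingSystem": "Android", "wiFiMacAddress": "020000000000"},
 {"id": "dev-4", "deviceName": "android-03", "operatingSystem": "Android", "wiFiMacAddress": null},
 {"id": "dev-5", "deviceName": "android-04", "operatingSystem": "Android", "wiFiMacAddress": "DA-A1-19-00-11-22"}
]}
""")

def normalize(mac):
    """Return 12 uppercase hex digits, or None if absent or malformed."""
    if not mac:
        return None
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    return digits if len(digits) == 12 else None

def classify(devices):
    """Map device id -> why its MAC cannot key an endpoint record, or 'ok'."""
    macs = {d["id"]: normalize(d.get("wiFiMacAddress")) for d in devices}
    counts = Counter(m for m in macs.values() if m)
    result = {}
    for dev_id, mac in macs.items():
        if mac is None:
            result[dev_id] = "missing"          # null, empty or malformed
        elif mac == PLACEHOLDER:
            result[dev_id] = "placeholder"      # shared by every affected device
        elif counts[mac] > 1:
            result[dev_id] = "duplicate"
        elif int(mac[:2], 16) & 0x02:
            result[dev_id] = "locally-administered"  # e.g. per-SSID randomized MAC
        else:
            result[dev_id] = "ok"
    return result

if __name__ == "__main__":
    for dev_id, verdict in classify(SAMPLE["value"]).items():
        print(dev_id, verdict)
```

Any device not classified `ok` has a MAC that cannot be relied on to match the address it presents at authentication, so a MAC-keyed endpoint lookup may return a different device's attributes.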