Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Intune Extension - AAD User Groups?

  • 1.  ClearPass Intune Extension - AAD User Groups?

    Posted 12 days ago

    Hi all,

    Is it possible to synchronize AAD user groups from devices / users using the ClearPass Intune Extension?

    To me the following stood out from the configuration, but I cannot seem to find any documentation regarding these settings:

    {
        "logLevel": "INFO",
        "verifySSLCerts": true,
        "azureADEndpoint": "login.microsoftonline.com",
        "graphEndpoint": "graph.microsoft.com",
        "tenantId": "<>",
        "clientId": "<>",
        "clientSecret": "<>",
        "syncPageSize": 50,
        "enableSyncAll": true,
        "syncAllSchedule": "*/30 * * * *",
        "syncUpdatedOnly": true,
        "syncAllOnStart": false,
        "enableEndpointCache": false,
        "endpointCacheTimeSeconds": 900,
        "intuneAttributes": null,
        "enableUserGroups": false,
        "userGroupUpdateSchedule": "*/30 * * * *",
        "bypassProxy": false,
        "enableStats": true,
        "statsUsername": "intune_api",
        "statsPassword": "********"
    }

    I am using version 6.1.7 of the Microsoft Intune Extension, within ClearPass Guest.

    We came across this topic: Airheads Community. However, at that time it was confirmed that no documentation was available.



    ------------------------------
    Lex
    ------------------------------


  • 2.  RE: ClearPass Intune Extension - AAD User Groups?

    MVP EXPERT
    Posted 12 days ago

    Hi Lex,

    The Intune extension is responsible for getting the Intune attributes into the ClearPass Endpoint Repository, not Azure Entra ID attributes.

    For getting Entra ID groups into ClearPass, you can create a new authentication source which does a secure LDAP query to Entra ID. Note that only user groups are supported for fetching. In ClearPass 6.11 you can add an authentication source "Azure"; it's possible in earlier versions, but then you have to manually create the queries.

    • Only EAP-TLS is supported.
    • Username must be UPN

    Some slides below



    ------------------------------
    Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------