
ISE and Entra ID with 1 certificate for multiple use cases

mverbon
Level 1

Hi all,

I read the following URL, posted by Greg:
https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-azure-ad-and-intune/ta-p/4763635
Great document with lots of detailed information!

I have an additional question about this.
Is the following scenario also possible?:
1 device certificate with the following attributes
CN=UPN username@xxxx.onmicrosoft.com
SAN URI=GUID
And place this certificate in the Computer Certificate Store, and use 802.1x Computer Authentication
Certificate profile is configured to use the CN (UPN)
I think this scenario is not described, also the summary does not have this scenario.
What I want to achieve with only 1 Device certificate:
Authentication via EAP-TLS in ISE, Based on 802.1x Computer Authentication
Use the SAN URI for the compliancy check in MS Intune
Use the CN for User Group retrieval and other attributes from Entra ID

Thanks in advance,
Martin

1 Reply

Arne Bier
VIP

Hi @mverbon

Isn't this more of an Azure type of question? In other words, how to use Azure to onboard Windows PC and provision certs and supplicants on Windows OS?