Hi all,
I read the following URL, posted by Greg:
https://community.cisco.com/t5/security-knowledge-base/cisco-ise-with-microsoft-active-directory-azure-ad-and-intune/ta-p/4763635
Great document with lots of detailed information!
I have an additional question about this.
Is the following scenario also possible?
1 device certificate with the following attributes
CN=UPN username@xxxx.onmicrosoft.com
SAN URI=GUID
And place this certificate in the Computer Certificate Store, and use 802.1x Computer Authentication
Certificate profile is configured to use the CN (UPN)
I think this scenario is not described, and the summary does not have this scenario either.
What I want to achieve with only 1 Device certificate:
Authentication via EAP-TLS in ISE, based on 802.1x Computer Authentication
Use the SAN URI for the compliancy check in MS Intune
Use the CN for User Group retrieval and other attributes from Entra ID
Thanks in advance,
Martin