Direct Azure AD Integration with Cisco Meraki

FedericoC
Conversationalist

Direct Azure AD Integration with Cisco Meraki

Hello everyone!
I need to enable the 802.1x protocol on our network and I would like to integrate it with EntraID since we are moving towards a full cloud organization and we use M365.
In our company, all users have 365 Business Premium licenses, the PCs are Entra ID-joined and managed with Intune. Additionally, we use the Microsoft platform for all the services provided.
We don't have any physical Domain Controller servers on our network, and I don't want to use a physical RADIUS server with the NPS role active.


I've read about the possibility of using Cisco ISE, but I was wondering if there is a native Meraki integration for using 802.1x by authenticating with users on EntraID.
Do you know if this is possible or if it is under development?

 

Thanks

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

There is no native integration.  You would need to use a third-party "Radius as a Service" provider with Entra ID support.

 

HOWEVER, given your use case - I would instead move towards zero trust - and don't trust the local network.  Only use it to provide Internet access.  No 802.1x required.

 

With Business Premium you could/should use device compliance and use conditional access policy to enforce only authorised devices are allowed to access your systems.

 

I appreciate tihs is quite diffificult if you don't have a mature cyber policy.  It often takes companies many years to get mature enough with their cyber deployments to get to this stage.

 

Another way of achieving this is to use Cisco Secure Connect Plus with the "Complete" package.

https://www.cisco.com/c/en/us/products/collateral/plus-as-a-service/secure-connect-now-ds.html

This DOES integrate with Entra ID, and assumes the local network is untrusted (zero trust).  It will provide users with the same access to resources weather they are in the office or at home).  You can also use conditional access policies to restrict access to the Umbrella SIG IP address ranges so no one can access your enviroment unless they have come thorugh this system.

 

And it does integrate with Meraki.

FedericoC
Conversationalist

Hi,

Thank you for the advice you gave me and for suggesting the Zero Trust approach.

In case we decide to go for a third-party "Radius-as-a-Service," do you have experience with any vendor/brand?

 

Thanks

Get notified when there are additional replies to this discussion.