Meraki BYOD with Intune Integration

AlexP1
Conversationalist

Hello,

I have a question, and I would like to know if we can do this in a Meraki environment.

We have Intune MDM and Azure AD, and we have bought licenses for BYOD devices.

We will have Intune as MDM and from there we push certificates to our clients.

We will also have Meraki as BYOD for our mobile phones!!

Our goal is: when our clients (mobile phones) come into our company, they connect automatically to the BYOD SSID.

But only the devices which are registered to Intune!!

Can we integrate Meraki with Intune?

How can we do it?? With API?

I can't find any example!!!!

/Alex

alemabrahao
Kind of a big deal
GreenMan
Meraki Employee

I would have thought you could use InTune to push a WiFi profile with digital certs and config for EAP authentication for full 802.1X with a RADIUS server - that way you end up with WiFi encryption too - not just authentication.

AlexP1
Conversationalist

Yes, but the question is how can I do this?

I have not found any documentation or anything on Google that describes this exactly!

GreenMan
Meraki Employee

Well - all the cleverest stuff in such deployments is done by either InTune (check Microsoft documentation) or the RADIUS server.   Do you already have a RADIUS setup?   You could consider Cisco ISE, for which this would be a good place to start:   https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tl...

 

Have a read of this to understand the Meraki AP role in the setup:  https://documentation.meraki.com/MR/Encryption_and_Authentication/RADIUS%3A_WPA2-Enterprise_With_EAP...

It mainly acts to relay details between the client and RADIUS server and implement the authentication decisions and related stuff arising from the RADIUS server's intervention.

 

Having separate vendors for the various components of such setups can make it more difficult to implement.    This is why some customers choose to simplify as far as possible;   using Meraki Systems Manager for MDM, with Meraki APs and Cisco ISE for RADIUS.   You still have other vendors for the client OS's + 802.1x supplicants, of course, but it can really help.

AlexP1
Conversationalist

Thank you again!

I can check all the links!

We have Windows NPS as our RADIUS server, and have registered our devices to Intune (MDM is there)!!!

We will not use the Meraki Systems Manager as MDM!

Right now we will keep this setup as is, and I hope we can configure it properly 🙂

/Alex

GreenMan
Meraki Employee

Whilst this covers only PEAP-MSCHAPv2 (which uses username+pwd for client auth, rather than certs) this doc would be a good starting point for understanding Meraki working with NPS.   https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

You will need to consult NPS documentation for more detail around using cert-based client auth.   Have you considered working with a partner IT company to help you integrate these things?   A good one will have done this before.

AlexP1
Conversationalist

Yes, we have done it!

We will have a partner to do this configuration!!

But I am asking here in this forum, because I have checked the internet and can't find how we can do this with "steps".

Curiosity 🙂

But thank you for your reply 🙂

PhilipDAth
Kind of a big deal

This is the short story - choose either Intune or Meraki MDM.

 

Trying to use two competing MDMs will cause you heartache.  MDMs do not play together nicely.
