Meraki AP integration with Intune

Guac55
Here to help


Hello, 

 

I am brand new to the Meraki wireless world, and I have received a few demo APs for a POC. Looking for some guidance/suggestions on the below:

 

1. Is there a way for a Meraki AP to make an API call to Intune to validate if the device is compliant? Currently, Intune pushes a cert to iPhones & Cisco ISE makes an OAuth call to Intune to check if the device that's trying to connect is compliant. I don't manage ISE, so this is my understanding of how it currently works. What we are looking for is to eliminate the ISE servers and make wireless work independently of ISE.

2 Replies
PaulF
Meraki Employee

Hi @Guac55 and welcome!

 

So, there are a few things we could do here, but none of them involve Intune.

 

Meraki Systems Manager and Meraki MR have a technology called Sentry WiFi. This allows you, with nothing more than a handful of clicks, to provision devices with certificates bound to management (so that if you removed management, the cert would be removed too), which are then used for authentication.

 

What you can do is use the various pieces of inventory and posture that we get back from a device to determine whether it has the right to continue to have the cert: Not compliant, no cert.

 

However, if you were to look at MX in your network, then you could use Sentry Policies: This would allow you to determine the behavior of the device on your network: The posture of the device could be used to force a device onto a particular VLAN if it had a piece of unapproved software installed, wasn't running the latest version of the OS, and a whole host of other use cases.

 

https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview

 

However, we understand that moving MDM providers may not be in your roadmap. So, there's also another technology called Trusted Access that allows you to provision devices with certificates, but without the management.

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

 

However, Trusted Access doesn't completely fulfill your use case, as there's no posture check.

 

Anything that doesn't involve the above would be custom development on your side, alas.

Ste
Comes here often

Hi @PaulF,

 

I'm testing Trusted Access and it is OK for iOS devices, but if I try to use it with an Intune-joined Windows machine it is not possible, because Trusted Access for Windows now requires registering the device, but the device is just registered under Intune.

 

Is there any chance to have Trusted Access working with Intune registered devices?

 

Thank you

 
