Meraki AP integration with Intune


Meraki AP integration with Intune



I am brand new to Meraki wireless world, and I have received a few demo APs for POC. Looking for some guidance/suggestions on below:


1. Is there a way for Meraki AP to make an API call to Intune to validate if the device is compliant? Currently, Intune pushes cert to iPhones & Cisco ISE makes an Oauth call to Intune to check if the device that's trying to connect is compliant. I don't manage ISE so this is my understanding of how it currently works. What we are looking for is to eliminate the ISE servers and make wireless work independently of ISE. 

Meraki Employee

Hi @Guac55 and welcome!


So, there's a few things we could do here, but none of them involve Intune.


Meraki Systems Manager and Meraki MR have a technology called Sentry WiFi. This allows you, with nothing more than a handful of clicks, to provision devices with certificates bound to management (so that if you removed management, the cert would be removed too), which are then used for authentication.


What you can do is use the various pieces of inventory and posture that we get back from a device to determine whether it has the right to continue to have the cert: Not compliant, no cert.


However, if you were to look at MX in your network, then you could use Sentry Policies: This would allow you to determine the behavior of the device on your network: The posture of the device could be used to force a device onto a particular VLAN if it had a piece of unapproved software installed, wasn't running the latest version of the OS, and a whole host of other use cases


However, we understand that moving MDM providers may not be in your roadmap. So, there's also another technology called Trusted Access that allows you to provision devices with certificates, but without the management.


However, Trusted Access doesn't completely fulfill your use case, as there's no posture check


Anything that doesn't involve the above would be custom development on your side, alas.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.