Azure Cloud PKI is now released; how do we hook Meraki AP to it?

Boyan1
Getting noticed

Hi everyone,

It's April of 2024. Microsoft Cloud PKI for Microsoft Intune has been out for some time and it looks very promising for AAD-only joined devices, but how do we hook our MRs to it so one can do enterprise 802.11x based on PKI certificate auth (device-based auth)?

https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview

I know how to do it the legacy way, with on-prem CA etc., EAP-TLS and RADIUS as the last-mile authenticator to the Meraki AP, but this "Cloud PKI" is totally new. It promises to eliminate the on-prem CA, the Intune connector and a ton of other heavy weight.

Anyone gone down that road? What endpoint would the APs talk to? What profile to set up the SSID under? So many unknowns.

Thanks

~B

PhilipDAth
Kind of a big deal

Already done it.

Configure the SSID to use local auth with certificate authentication.  Upload your CloudPKI certificate.  Works great.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8...

@PhilipDAth Thank you, but what do you plug in here? Azure Cloud PKI does NOT expose any endpoints on the public Internet to where the MR can be pointed to?

Boyan1_0-1712030504652.png

Brash
Kind of a big deal

In the image here, you have certificate auth disabled.

Following what @PhilipDAth said, you need to enable it.

Speedbird1
Getting noticed

I was just looking at this and it's damn expensive.

2000 devices/users somewhere in the region of £34000 per annum as a standalone Addon. 

You would think MS would include this in enterprise licences. 

RobinHelmig
New here

When running a test to install the certificate, I get the following error: [image.png]

In Cloud PKI, there are two different formats for downloading the root CA. You need to download the other format.
