A customer has asked if, rather than using Meraki System Manager to handle wireless client authentication, he can use MS Intune. I have no experience with Intune: from what I'm seeing on the Internet, it might be possible, but I can't be sure. I was hoping to use SM, but their wireless clients are already enrolled in InTune, so the other part of this question is (and I think I can guess the answer!) can the clients be enrolled in SM and InTune simultaneously?
Any information would be much appreciated!
Roo
Solved! Go to solution.
Hi GreenMan,
Following on from what you and alemabrahao said, I have been looking at this information:
It looks like doing the authentication and authorisation this way still gives certificate-level security, still uses SM licences, but should co-exist with InTune.
Am I right, or are there other considerations I have ignored?
Thanks
Roo
I think it will answer your question:
Some interesting stuff in there. I will have a read of it....thanks!
It depends a bit what you're doing with Systems Manager. If you're using it for Sentry WiFi, with Meraki APs (which is the best approach, if you've bought into both of those things), you definitely won't be able to do this in the same way with Intune replacing SM; it's the integration between SM and Meraki APs via a common cloud platform that makes the magic happen there.
Remember too that InTune (and SM really) do not themselves do authentication - they deploy credentials and setup to a client so that they can be authenticated by something else. In the case of Sentry WiFi, this is a cloud RADIUS residing in the Meraki cloud. If you use InTune, you then have to think about what's doing the authentication. If all you use InTune for is placing say a pre-shared key WiFI profile on the client, this would work, but the security of pre-shared keys is not nearly as good as that provided by 802.1x, which is what Sentry uses.
Hi GreenMan,
Following on from what you and alemabrahao said, I have been looking at this information:
It looks like doing the authentication and authorisation this way still gives certificate-level security, still uses SM licences, but should co-exist with InTune.
Am I right, or are there other considerations I have ignored?
Thanks
Roo
Correct, in principle. My main thought arising: if you've purchased Systems Manager (for Trusted Access), why not just use Systems Manager?
Hi GreenMan,
That was my original intention, but they only told me today they already have InTune, and I don't know enough about it to say if it will co-exist with InTune, so rather than try to run two MDMs in parallel, I'm looking at alternative ways to work