Use of MS InTune to Authenticate Wireless Clients

Solved
The_Roo
Getting noticed


A customer has asked if, rather than using Meraki System Manager to handle wireless client authentication, he can use MS Intune. I have no experience with Intune: from what I'm seeing on the Internet, it might be possible, but I can't be sure. I was hoping to use SM, but their wireless clients are already enrolled in InTune, so the other part of this question is (and I think I can guess the answer!) can the clients be enrolled in SM and InTune simultaneously?

 

Any information would be much appreciated!

 

Roo

alemabrahao
Kind of a big deal

I think it will answer your question:

 

https://community.meraki.com/t5/Mobile-Device-Management/Meraki-AP-integration-with-Intune/m-p/17380...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
The_Roo
Getting noticed

Some interesting stuff in there. I will have a read of it... thanks!

GreenMan
Meraki Employee

It depends a bit on what you're doing with Systems Manager. If you're using it for Sentry WiFi, with Meraki APs (which is the best approach, if you've bought into both of those things), you definitely won't be able to do this in the same way with Intune replacing SM; it's the integration between SM and Meraki APs via a common cloud platform that makes the magic happen there.

Remember too that InTune (and SM really) do not themselves do authentication - they deploy credentials and setup to a client so that they can be authenticated by something else. In the case of Sentry WiFi, this is a cloud RADIUS residing in the Meraki cloud. If you use InTune, you then have to think about what's doing the authentication. If all you use InTune for is placing, say, a pre-shared key WiFi profile on the client, this would work, but the security of pre-shared keys is not nearly as good as that provided by 802.1x, which is what Sentry uses.
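
The distinction drawn in the post above (the MDM only delivers a Wi-Fi profile; something else authenticates the client) can be checked on the profile itself. The following is an added example, not part of the thread and not Meraki or Microsoft code: it assumes a Windows client whose profile is in the Windows WLAN profile XML format (as produced by `netsh wlan export profile`), and the two sample profiles, their SSIDs and the passphrase are constructed.

```python
import xml.etree.ElementTree as ET

EAP_NAMES = {"13": "EAP-TLS", "25": "PEAP"}  # IANA EAP method numbers

def classify_profile(xml_text):
    """Report what a Windows WLAN profile XML asks the client to authenticate with."""
    first, eap = {}, []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]   # drop namespace; OneX/EAP parts use their own
        text = (el.text or "").strip()
        if name == "Type" and text:
            label = EAP_NAMES.get(text, "EAP type " + text)
            if label not in eap:
                eap.append(label)
        elif name in ("name", "authentication", "useOneX", "keyMaterial"):
            first.setdefault(name, text)   # keep the first occurrence only
    auth = first.get("authentication", "unknown")
    if first.get("useOneX", "false").lower() == "true":
        mode = "802.1X"   # credentials are checked by a RADIUS server, not by the MDM
    elif auth.upper().endswith("PSK"):
        mode = "PSK"      # one shared passphrase for every device that gets the profile
    else:
        mode = "other"
    return {"profile": first.get("name"), "authentication": auth, "mode": mode,
            "eap_methods": eap, "embeds_shared_key": "keyMaterial" in first}

NS = 'xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"'
# Constructed sample profiles (SSIDs and passphrase are made up).
PSK_PROFILE = f"""<WLANProfile {NS}><name>Office-PSK</name>
 <SSIDConfig><SSID><name>Office-PSK</name></SSID></SSIDConfig>
 <MSM><security>
  <authEncryption><authentication>WPA2PSK</authentication><encryption>AES</encryption>
   <useOneX>false</useOneX></authEncryption>
  <sharedKey><keyType>passPhrase</keyType><protected>false</protected>
   <keyMaterial>constructed-example-passphrase</keyMaterial></sharedKey>
 </security></MSM></WLANProfile>"""
TLS_PROFILE = f"""<WLANProfile {NS}><name>Office-1X</name>
 <SSIDConfig><SSID><name>Office-1X</name></SSID></SSIDConfig>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication><encryption>AES</encryption>
   <useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
   <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod>
    <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
   </EapMethod></EapHostConfig></EAPConfig></OneX>
 </security></MSM></WLANProfile>"""

if __name__ == "__main__":
    for sample in (PSK_PROFILE, TLS_PROFILE):
        print(classify_profile(sample))
```

A profile reported as `802.1X` still needs a RADIUS service and, for EAP-TLS, a certificate issuer behind it; the profile alone authenticates nothing.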

The_Roo
Getting noticed

Hi GreenMan,

Following on from what you and alemabrahao said, I have been looking at this information:

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

It looks like doing the authentication and authorisation this way still gives certificate-level security, still uses SM licences, but should co-exist with InTune.

Am I right, or are there other considerations I have ignored?

 

Thanks

Roo

GreenMan
Meraki Employee

Correct, in principle. My main thought arising: if you've purchased Systems Manager (for Trusted Access), why not just use Systems Manager?

The_Roo
Getting noticed

Hi GreenMan,

That was my original intention, but they only told me today they already have InTune, and I don't know enough about it to say if it will co-exist with InTune, so rather than try to run two MDMs in parallel, I'm looking at alternative ways to work.
