Use of MS InTune to Authenticate Wireless Clients

Solved
The_Roo
Getting noticed

Use of MS InTune to Authenticate Wireless Clients

A customer has asked if, rather than using Meraki System Manager to handle wireless client authentication, he can use MS Intune. I have no experience with Intune: from what I'm seeing on the Internet, it might be possible, but I can't be sure. I was hoping to use SM, but their wireless clients are already enrolled in InTune, so the other part of this question is (and I think I can guess the answer!) can the clients be enrolled in SM and InTune simultaneously?

 

Any information would be much appreciated!

 

Roo

1 Accepted Solution

Hi GreenMan,

Following on from what you and alemabrahao said, I have been looking at this information:

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

It looks like doing the authentication and authorisation this way still gives certificate-level security, still uses SM licences, but should co-exist with InTune.

Am I right, or are there other considerations I have ignored?

 

Thanks

Roo

View solution in original post

6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal

I think it will answer your question:

 

https://community.meraki.com/t5/Mobile-Device-Management/Meraki-AP-integration-with-Intune/m-p/17380...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Some interesting stuff in there. I will have a read of it....thanks!

GreenMan
Meraki Employee
Meraki Employee

It depends a bit what you're doing with Systems Manager.  If you're using it for Sentry WiFi, with Meraki APs (which is the best approach, if you've bought into both of those things), you definitely won't be able to do this in the same way with Intune replacing SM;   it's the integration between SM and Meraki APs via a common cloud platform that makes the magic happen there.

Remember too that InTune (and SM really) do not themselves do authentication - they deploy credentials and setup to a client so that they can be authenticated by something else.   In the case of Sentry WiFi, this is a cloud RADIUS residing in the Meraki cloud.    If you use InTune, you then have to think about what's doing the authentication.   If all you use InTune for is placing say a pre-shared key WiFI profile on the client, this would work, but the security of pre-shared keys is not nearly as good as that provided by 802.1x, which is what Sentry uses.

Hi GreenMan,

Following on from what you and alemabrahao said, I have been looking at this information:

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

It looks like doing the authentication and authorisation this way still gives certificate-level security, still uses SM licences, but should co-exist with InTune.

Am I right, or are there other considerations I have ignored?

 

Thanks

Roo

GreenMan
Meraki Employee
Meraki Employee

Correct, in principle.   My main thought arising:   if you've purchased Systems Manager (for Trusted Access), why not just use Systems Manager?

Hi GreenMan,

That was my original intention, but they only told me today they already have InTune, and I don't know enough about it to say if it will co-exist with InTune, so rather than try to run two MDMs in parallel, I'm looking at alternative ways to work

Get notified when there are additional replies to this discussion.