ISE Integration with Intune MDM

Speaker: Greg Gibbs, Cisco Security Architect
00:00 Intro
02:23 Traditional Active Directory vs Azure Active Directory
05:06 Azure AD Join Types: Registered, Joined, Hybrid Joined
07:00 Intune MDM Enrollment Options
09:08 Windows Autopilot
10:04 Windows Self-Service Out-of-Box Experience (OOBE)
10:42 Azure AD Join & Enrollment
11:48 Azure AD Connect to sync on-premises AD
13:38 Azure AD Join vs Hybrid Join: `dsregcmd /status`
15:07 Intune Certificate Connector
15:56 Windows Domain Join & Enrollment (with AAD and Intune)
17:25 Demo: Tour of Azure AD users and groups, UPNs, devices, registration types, Intune (MEM), compliance, Certificate Connector
20:50 Challenge: Transient MACs (dongle/dock)
23:24 Challenge: Random MACs
24:41 ISE 3.1 MDMv3 API and the Globally Unique Identifier (GUID)
26:10 Compliance Check with GUID
27:05 Cisco Field Notice FN-72472: GUID required with Intune after Dec 31, 2022
28:25 EAP-TLS Authentication to AD (computer or user) (traditional 802.1X with AD)
30:06 TEAP(EAP-TLS) Authentication in ISE 2.7+ for computer+user (EAP-Chaining)
33:33 EAP-TLS Authentication with Hybrid AD+Azure Compliance
34:44 EAP-TLS Authentication with Azure Intune Compliance
35:29 EAP-TTLS+PAP Authentication in ISE 3.0 (no GUID for Intune)
36:31 EAP-TLS Authentication with Azure AD Authorization with Intune Compliance in ISE 3.2
38:04 Intune Lab Overview
38:32 Example ISE 3.1 Policies for AD, Azure, and Intune
40:12 Example ISE 3.2 Policies for EAP-TLS with AAD
40:42 Demo: Windows 10 TEAP Authentication and Troubleshooting
⚠ Be careful with copy & paste errors due to trailing spaces in Intune policy!
49:33 Demo: MAC Randomization with Surface tablet
👍 The live demo failed with a non-compliant status, but after the webinar Greg rebooted his Surface tablet and it worked perfectly. :-)
53:39 Troubleshooting with ISE `external-mdm` Log
54:33 Device Enrollment Status with Intune: `dsregcmd /status`
55:00 References:
- Integrate MDM and UEM Servers with Cisco ISE : www.cisco.com/c/en/us/td/docs...
- KZread - Intune Nuggets : kzread.infointun...
- Azure AD device identity documentation : docs.microsoft.com/en-us/azur...
- What is Azure AD Connect? : docs.microsoft.com/en-us/azur...
- Certificate Connector for MS Intune: docs.microsoft.com/en-us/mem/...
56:32 ISE Resources
56:58 Questions
