Intune integrates with network access control (NAC) partners to help organizations secure corporate data when devices try to access on-premises resources. If the device is enrolled in Intune and is compliant with Intune device compliance policies, the NAC solution allows the device to access corporate resources. For more information about how the NAC integration works, see Network access control (NAC) integration with Intune.

Cisco Identity Services Engine (ISE) integration with Microsoft Intune MDM Services uses Azure Active Directory (Azure AD) token-based authentication to access Intune services, and then uses that information to grant or deny network access to mobile devices.

Import the public certificate from the Intune tenant into ISE

1. Use the browser to get the certificate details. For example, in Microsoft Edge, select the HTTPS lock symbol, and then select Certificate.
2. In the Certificate window, select the Certification Path tab.
3. In the local machine certificate store, find the Baltimore CyberTrust Root certificate, and then export the root certificate.
4. In ISE, select Administration > System > Certificates > Trusted Certificates, and then import the root certificate that you exported in step 3. Give the certificate a meaningful name, such as Azure MDM.

Export the Cisco ISE self-signed certificate

1. In the ISE console, select Administration > System > Certificates > System Certificates, select the Default self-signed server certificate, and then select Export.
2. Select Export Certificate Only (default), and then select a location to save it to.
3. Run the following PowerShell script on the exported certificate file:

    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList "<path to exported ISE certificate>.cer"  # placeholder path
    $bin = $cer.GetRawCertData()                                  # DER-encoded certificate bytes
    $base64Value = [System.Convert]::ToBase64String($bin)         # certificate body, Base64
    $bin = $cer.GetCertHash()                                     # thumbprint bytes
    $base64Thumbprint = [System.Convert]::ToBase64String($bin)    # thumbprint, Base64
    $keyid = [System.Guid]::NewGuid().ToString()                  # new GUID that identifies this key

After the script runs, the values are stored in the variables. Keep the values for $base64Thumbprint, $base64Value, and $keyid. Type the variable name at the PowerShell prompt to review the values, as shown in the following example:
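An added example, not part of the original page or of Microsoft's or Cisco's documentation: it wraps the script above in a function that first confirms the exported file is a public certificate only and is inside its validity period, then returns the three values. The function name Get-IseCertValues, the $WarnDays threshold, and the throwaway demo certificate are assumptions; the demo part needs PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example. Get-IseCertValues is a hypothetical helper name.
function Get-IseCertValues {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$WarnDays = 30   # assumed threshold for the expiry warning
    )
    try {
        # Resolve first: .NET does not follow PowerShell's current directory.
        $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
        $cer  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)
    } catch {
        throw "Cannot read '$Path' as an X.509 certificate: $($_.Exception.Message)"
    }
    # "Export Certificate Only" should yield a public certificate with no key attached.
    if ($cer.HasPrivateKey) {
        throw "'$Path' carries a private key; re-export the certificate only."
    }
    $now = Get-Date
    if ($now -lt $cer.NotBefore -or $now -gt $cer.NotAfter) {
        throw "Certificate is outside its validity period ($($cer.NotBefore) to $($cer.NotAfter))."
    }
    if ($cer.NotAfter -lt $now.AddDays($WarnDays)) {
        Write-Warning "Certificate expires on $($cer.NotAfter)."
    }
    [pscustomobject]@{
        Subject          = $cer.Subject
        NotAfter         = $cer.NotAfter
        HexThumbprint    = $cer.Thumbprint   # hex form, for comparing with a certificate details view
        base64Thumbprint = [System.Convert]::ToBase64String($cer.GetCertHash())
        base64Value      = [System.Convert]::ToBase64String($cer.GetRawCertData())
        keyid            = [System.Guid]::NewGuid().ToString()
    }
}

# Constructed sample input: a throwaway self-signed certificate saved as a .cer file.
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=ise-demo.example', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
$tmp  = Join-Path ([System.IO.Path]::GetTempPath()) 'ise-demo.cer'
[System.IO.File]::WriteAllBytes($tmp,
    $demo.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
Get-IseCertValues -Path $tmp | Format-List
Remove-Item -LiteralPath $tmp
```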