Security

 View Only
Back to discussions
Expand all | Collapse all

Planning using ClearPass integration with EntraID and Intune

This thread has been viewed 18 times

  • 1.  Planning using ClearPass integration with EntraID and Intune

    Posted Jan 08, 2026 04:39 AM

    We are using on-perm AD for the authorization with clearpass.

    We are planning migrate to entraID and intune to access the wifi with clearpass.

    But we just find the very old guideline/video for this.

    Anyone can provide more information or guideline to us?

    1. using EAP-TLS with intune certificate is necessary? if we want to use EntraID for authorization.
    2. for our environment, access difference vlan by group user on same SSID. How to setup the enforcement policy to achieve same result?


    -------------------------------------------


  • 2.  RE: Planning using ClearPass integration with EntraID and Intune

    Posted Jan 08, 2026 09:48 AM

    EAP-TLS or EAP-TEAP with certificate authentication must be utilized as authentication method as EAP-PEAP with MSCHAPv2 is based on NTLM and the old protocols associated with NTLM is deprecated in Entra ID.

    The guides are available in the Networking support portal, https://networkingsupport.hpe.com/globalsearch#q=intune&tab=Documents

    The certificates must include either the Intune ID (for computer certificates) or Entra ID (for user certificates) in the SAN field of the certificate. If you are only using machine certificates, you can't do any Entra ID lookups.

    In the role mapping policy you can utilize the group attribute returned from Entra ID and create similar role mappings as you have today based on your Active Directory groups.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



Related Content