Your guide to going cloud-native
Tuesday, Oct 25, 2022, 08:30 AM PDT
Learn the practical steps your organization needs to take to be cloud ready; from mindset, to planning, to rollout. We'll focus on what your organization can do today to get instant cloud value with ...
Heather_Poulsen
Updated Dec 27, 2024
PON-JRobinson
Oct 25, 2022 Copper Contributor
MS need to do a better job at helping break legacy thinking and publishing information on things like why you don't need to hybrid join devices. In fact, much of the information is there at aka.ms/cloudnativeendpoints, but not a day goes by that I'm not explaining to someone why they don't need to be doing HAADJ.
ErinDay
Oct 25, 2022 Brass Contributor
So most NAC tools require an AD object to control 802.11x authentication. Some applications require specific naming conventions to operate. That's why we need hybrid join. There are so many reasons people can't just drop on-prem AD.
Many environments that had 20+ years of legacy operation are going to need time to redesign everything, re-solution, budget, plan.
- PON-JRobinson
  Oct 25, 2022 Copper Contributor
  Things like Cisco ISE can integrate with Intune to actually provide a *more secure* solution based on things like device compliance. Changing from device-based to user-based auth is also a better route. 802.1x is like an armadillo, a hard shell around a squishy centre. I'm 100% aware that there are going to be challenges, but if your business is not prioritising moving away from those legacy systems, then the problem is them, not the technology.
- clckr24
  Oct 25, 2022 Copper Contributor
  My networking team is refusing to modify our wireless Cisco ISE policy. It requires that the device be domain joined rather than use Azure User Authentication. Therefore, I can't use Intune in-house. Any ideas on how to get them to open their minds to AAD user authentication?
- PeterJ_Inobits
  Oct 27, 2022 Iron Contributor
  Hi Donna. Have you investigated device write back? I'm assuming they are using certificates pushed out to the Windows machine via GPO to do certificate-based authentication for the Wi-Fi network. You should be able to get certificates published to the Intune Managed devices....
- ErinDay
  Oct 25, 2022 Brass Contributor
  The problem is, change in large corporations is like steering an oil tanker, it takes a lot of time and space to change direction. Resourcing, budgeting - these things don't just 'appear'. Add to that there are just so many gaps in the technology with cloud native, that are being just glossed over here, or not addressed.
- MervWhite
  Oct 25, 2022 Brass Contributor
  This will be a major issue for my School District as there are some old thinking patterns in well-established application providers.