Cloud app Security client certificate

Hello all, I am following the article below on how to configure Cloud App Security to work with client certificates. I am currently using the demo cert that is called out in the article. The client cert has been added to the user cert store on the local machine, and the root cert was imported into Cloud App Security.

I have also tagged the device with "Valid client certificate" in Endpoint Manager (per below).

[screenshot]

However, when I do a search for all devices with the tag "Valid client certificate", I get back zero results. I need help understanding why Cloud App Security is not able to discover the device that I previously tagged.

[screenshot]

https://docs.microsoft.com/en-us/cloud-app-security/troubleshooting-proxy#client-certificates-are-no...
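One check worth running on the device itself before chasing the tag: confirm that the certificate the proxy will ask the browser for is actually present in the user store, has a private key and a Client Authentication EKU, and chains to the same root that was uploaded to Defender for Cloud Apps. The PowerShell below is an added example, not code from the original post or from Microsoft's documentation; it assumes the Windows device described in the post and is run as the signed-in user. The root thumbprint it prints is the value to compare against the root certificate imported into the portal.

```powershell
# Added example (not from the thread or Microsoft docs): verify the client-certificate
# prerequisites for Defender for Cloud Apps conditional access app control on this device.
# Run in the context of the user who will sign in; the proxy looks in CurrentUser\My.

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

# A certificate with no EKU extension is valid for any purpose, so treat that as acceptable too.
$candidates = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and (
        $_.EnhancedKeyUsageList.Count -eq 0 -or
        $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid
    )
}

if (-not $candidates) {
    Write-Warning 'No certificate with a private key and Client Authentication EKU found in CurrentUser\My.'
    return
}

foreach ($cert in $candidates) {
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Revocation is not the question here; we only want to know whether a trust path exists.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $builds = $chain.Build($cert)

    # The last chain element is the highest certificate found, normally the root CA.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        ChainBuilds    = $builds
        ChainStatus    = ($chain.ChainStatus.Status -join ', ')   # empty when the chain is clean
        RootSubject    = $top.Subject
        RootThumbprint = $top.Thumbprint   # compare with the root uploaded to Defender for Cloud Apps
    }
}
```

If nothing is listed, the device cannot present a usable client certificate regardless of how it is tagged; if the chain builds but RootThumbprint differs from the root in the portal, the proxy will reject the certificate as untrusted. Neither condition is reported by the device tag in Endpoint Manager.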

 

2 Replies
For MDCA (MCAS) to see anything there, you would need a device with a valid cert to do something that is monitored or blocked by an access policy or session policy. That requires that the app be onboarded for CAAC. Deployment guidance for that can be found at
https://docs.microsoft.com/en-us/defender-cloud-apps/proxy-deployment-aad
Did you get this working? If so, what kind of certificate did you use (internal PKI, managed PKI, public cert)? Trying to figure out our options for MCAS and macOS devices managed by Kandji.