Does NAC have the capability to identify company issued devices by the certificate installed on them and can NAC mesh with Intune?

We are trying to see what our options are for identifying mobile devices by the certificate installed on them. We would be using Intune to push group policy settings and a cert. Currently the NAC is set up with AD connectivity. Can a rule be built to catch devices with a company issued cert, and would we also need to use a particular auth method? Could we use a captive portal or would we need to use 802.1X?

Pierre Demassey


Posted 2 years ago


Pala, Zdenek, Employee

You can define rules based on 802.1x method = if EAP-TLS and the certificate is from the right CA then access granted as "company owned device". You can also verify the username (from CN) against LDAP for additional distinguishing...
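
The decision described in the reply above, as an added Python sketch that is not part of the original thread and is not the NAC product's own rule syntax. It assumes the `cryptography` package; the role names, the `classify` and `issue` helpers, and the "Example Device CA" certificates are hypothetical and constructed for the demo.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def cn_name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, issuer_cn, issuer_key, subject_key=None):
    """Build a constructed test certificate (stands in for one pushed by Intune)."""
    subject_key = subject_key or ec.generate_private_key(ec.SECP256R1())
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(cn_name(subject_cn)).issuer_name(cn_name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .sign(issuer_key, hashes.SHA256()))

def classify(eap_method, client_cert, ca_cert, directory_users):
    """Return a (hypothetical) role name for one 802.1X authentication."""
    if eap_method != "EAP-TLS" or client_cert is None:
        return "unregistered"
    try:
        # "From the right CA" means the CA's key signed it; the issuer
        # string alone can be copied into a certificate from any other CA.
        ca_cert.public_key().verify(
            client_cert.signature, client_cert.tbs_certificate_bytes,
            ec.ECDSA(client_cert.signature_hash_algorithm))
    except InvalidSignature:
        return "unregistered"
    cns = client_cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
    if not cns or cns[0].value.lower() not in directory_users:
        return "company-cert-unknown-user"
    return "company-owned-device"

# Constructed demo data: a company CA and a look-alike CA with the same name.
CA_KEY = ec.generate_private_key(ec.SECP256R1())
ROGUE_KEY = ec.generate_private_key(ec.SECP256R1())
CA_CERT = issue("Example Device CA", "Example Device CA", CA_KEY, CA_KEY)
USERS = {"jdoe"}  # stands in for the LDAP/AD lookup

if __name__ == "__main__":
    good = issue("jdoe", "Example Device CA", CA_KEY)
    fake = issue("jdoe", "Example Device CA", ROGUE_KEY)
    print(classify("EAP-TLS", good, CA_CERT, USERS))
    print(classify("EAP-TLS", fake, CA_CERT, USERS))
```

In a deployment the RADIUS server's TLS stack performs the chain, expiry and revocation checks during the EAP-TLS handshake, and the handshake also proves the device holds the private key; the sketch covers only the rule decision made on the result.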