Integrate MDM and UEM Servers with Cisco ISE

Configure Microsoft Endpoint Manager Intune

Overview

Learn how to connect Microsoft Endpoint Manager Intune with Cisco ISE, and enable Cisco ISE MDM API v3 support to receive a GUID from Microsoft Intune.

These steps list the configurations to carry out in Microsoft Endpoint Manager Intune. Choose the steps that your organization needs. If you use Cisco ISE release 3.1 or a later release, you can enable Cisco ISE MDM API v3 support to receive a GUID from Microsoft Intune. To enable this support, configure the Subject Alternative Name (SAN) in your certificate profiles. Configuring the SAN allows Cisco ISE to receive a unique GUID for an endpoint from the Intune server. This helps address issues caused by random and changing MAC addresses.

If your organization does not use the standard commercial Microsoft Azure environment, refer to the Microsoft National Cloud Deployments document for a list of Graph API endpoints for national clouds operated by Microsoft.

Procedure

1. Configure certificates for endpoint authentication in Microsoft Intune.

2. Configure either SCEP or PKI certificate management protocols and the appropriate certificate profiles, according to your organizational needs.

   Tip: When you configure an SCEP or a PKI profile, in the Subject Alternative Name page, choose URI as the Attribute, and ID:Intune:GUID:{{DeviceId}} as the Value.

   The ID:Intune:GUID:{{DeviceId}} is a template for reference.

3. For Wi-Fi and wired endpoints, create a profile and choose the SCEP or PKI certificate profile you configured earlier to include the GUID value in the Subject Alternative Name field.

For more details on configuring Wi-Fi settings in Microsoft Intune, refer to Add and use Wi-Fi settings on your devices in Microsoft Intune.

If you create VPN profiles to connect to VPN servers in Intune, you must choose the certificate-based authentication type to share the GUID value with Cisco ISE.
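
To confirm that a certificate issued through the SCEP or PKI profile actually carries the SAN URI from the tip above, the following check can be run on the text that openssl prints for the subjectAltName extension. It is an added example, not part of the Cisco or Microsoft documentation; the function name, return codes, sample values, and the assumption that the expanded {{DeviceId}} is a GUID in 8-4-4-4-12 hexadecimal form are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Usage with a real certificate, where
# client.pem is a placeholder file name:
#   openssl x509 -in client.pem -noout -ext subjectAltName | intune_guid_from_san

# Reads openssl's subjectAltName text on stdin and prints the Intune GUID.
# Return codes (chosen for this example):
#   0 = exactly one well-formed ID:Intune:GUID URI
#   1 = no URI SAN with the ID:Intune:GUID: prefix
#   2 = value is not a GUID (for example {{DeviceId}} was never expanded)
#   3 = more than one ID:Intune:GUID URI
intune_guid_from_san() {
    local san entries count guid
    san=$(cat)
    # openssl prints SAN entries comma separated: "DNS:x, URI:y"
    entries=$(printf '%s\n' "$san" | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep '^URI:ID:Intune:GUID:' || true)
    if [ -z "$entries" ]; then
        echo "no URI SAN with ID:Intune:GUID: prefix" >&2
        return 1
    fi
    count=$(printf '%s\n' "$entries" | grep -c '^URI:')
    if [ "$count" -ne 1 ]; then
        echo "expected one Intune GUID URI, found $count" >&2
        return 3
    fi
    guid=${entries#URI:ID:Intune:GUID:}
    # Assumption: the expanded device ID is a GUID in 8-4-4-4-12 hex form.
    if ! printf '%s' "$guid" | grep -Eq \
        '^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$'; then
        echo "value after prefix is not a GUID: $guid" >&2
        return 2
    fi
    printf '%s\n' "$guid"
}

# Constructed sample of openssl output (not taken from a real device).
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:laptop01.example.test, URI:ID:Intune:GUID:3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c0d'
printf '%s\n' "$SAMPLE_SAN" | intune_guid_from_san
```

A return code of 2 on a deployed certificate usually means the literal template string reached the certificate, so the profile's SAN value should be rechecked before relying on GUID-based lookups in Cisco ISE.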