Home
Support
Product Support
Security
Cisco Identity Services Engine
Configuration Guides

Integrate MDM and UEM Servers with Cisco ISE

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Integrate UEM and MDM Servers with Cisco ISE

Unified endpoint management in Cisco ISE
MAC address for VPN-connected endpoints

Integrate Cisco Meraki Systems Manager

Cisco Meraki Systems Manager
Set up Cisco Meraki Systems Manager as an MDM or UEM server

Integrate Microsoft Endpoint Manager Intune

Microsoft Intune and Cisco ISE
Configure Microsoft Endpoint Manager Intune
Manage VPN-connected mobile devices with Microsoft Intune
Connect Microsoft Intune to Cisco ISE as a mobile device management server

Integrate Ivanti (previously MobileIron) UEM

Ivanti (previously MobileIron) UEM servers
Set up MobileIron Cloud UEM servers
Set up MobileIron Core UEM servers

Manage VPN-connected mobile devices with Microsoft Intune

Updated: February 6, 2026

Want to summarize with AI?

On this page

Overview

VPN-connected android device settings in Microsoft Intune
VPN-connected iOS device settings in Microsoft Intune

Overview

This section describes how to use Microsoft Intune to manage mobile devices connected by VPN.

To manage VPN-connected mobile devices, these configurations are required in Microsoft Intune:

VPN-connected android device settings in Microsoft Intune

Configure settings for VPN-connected Android endpoints according to the requirements detailed in Android enterprise device settings to configure VPN in Intune.
Create an app configuration policy in Microsoft Intune for endpoints that use the Cisco Secure Client-AnyConnect app. Include the Device Identifier configuration key in the Configuration Settings for this policy.

Figure 1. App configuration policy settings in Microsoft Intune

VPN-connected iOS device settings in Microsoft Intune

For VPN-connected iOS devices, you can find the required VPN settings for Microsoft Intune in Add VPN settings on iOS and iPad OS devices in Microsoft Intune.

When you create a VPN profile for iOS or iPadOS devices, you must choose the Enable network access control (NAC) setting to allow Microsoft Intune to include a device ID for the endpoint.

After you complete these configurations, Cisco AnyConnect logs the device identifier in the format ID:Intune:DeviceID:<device id>. Cisco ISE APIs retrieve this device ID for the endpoint. The system uses the device ID instead of the endpoint’s MAC address to check compliance.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.