topic Device Authentication with Azure AD in General Topics

Device Authentication with Azure AD

JesseMagee — Thu, 06 Jul 2017 15:51:16 GMT

We have setup an Azure AD environment with some test machines that are Azure AD joined, but not joined to our on-prem AD environment. Our PA certificate is installed on these machines. For a time PA correctly identifies these machines with the correct username. But after a while, it no longer does. This can be temporarily fixed by release/renewing the IP on the machine. But it only works for a time.

What needs to be done for PA to properly identify users that are on Azure AD joined machines?

Re: Device Authentication with Azure AD

BPry — Thu, 06 Jul 2017 17:01:04 GMT

@JesseMagee,

How do you have your monitoring setup for this enviroment, are you using agentless, WMI probing or Captive Portal?

edit:

I'll expand on this a little just because I'm trying to figure out how you are achieving a mapping at all. In this scenario your better option would be to connect to the company internal AD servers that make the federated connection to Azure AD. Since you can run LDAP against it you could also setup a Captive Portal for this and just use that. Honestly I would say that the easiest and most reliable soution would be Captive Portal but depending on how you are running now that may be a change that is simply to big to make as it would effect user experiance.

Re: Device Authentication with Azure AD

JesseMagee — Thu, 06 Jul 2017 20:11:53 GMT

Currently doing agentless. And I know they wont go for captive portal unfortunately. Too much change for the end user with that route