Device Authentication with Azure AD

Reply
L0 Member

Device Authentication with Azure AD

We have setup an Azure AD environment with some test machines that are Azure AD joined, but not joined to our on-prem AD environment. Our PA certificate is installed on these machines. For a time PA correctly identifies these machines with the correct username. But after a while, it no longer does. This can be temporarily fixed by release/renewing the IP on the machine. But it only works for a time. 

What needs to be done for PA to properly identify users that are on Azure AD joined machines?

Tags (1)
Cyber Elite

@JesseMagee,

How do you have your monitoring setup for this enviroment, are you using agentless, WMI probing or Captive Portal? 

 

edit:

I'll expand on this a little just because I'm trying to figure out how you are achieving a mapping at all. In this scenario your better option would be to connect to the company internal AD servers that make the federated connection to Azure AD. Since you can run LDAP against it you could also setup a Captive Portal for this and just use that. Honestly I would say that the easiest and most reliable soution would be Captive Portal but depending on how you are running now that may be a change that is simply to big to make as it would effect user experiance. 

L0 Member

Currently doing agentless. And I know they wont go for captive portal unfortunately. Too much change for the end user with that route

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!