This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About BrianNFC
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About BrianNFC
04-03-2023
3Posts
2Likes
1Solution
Apr 03, 2023Last Visited
User
Activity
User
Profile
Latest posts by BrianNFC
| Subject | Views | Posted |
|---|---|---|
| 6894 | 12-18-2020 12:54 AM | |
| 7437 | 09-24-2020 09:50 AM | |
| 7514 | 09-21-2020 06:13 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 09-21-2020 06:13 AM | |
| 1 Like | 12-18-2020 12:54 AM |
User Badges
Community Statistics
| Member Since | 09-24-2018 01:47 AM |
| Date Last Visited | 04-03-2023 09:29 AM |
| Posts | 3 |
| Total Likes Received | 2 |
12-18-2020
12:54 AM
1 Kudo
Hi there. We had a consultant do this bit for us. But I don't think it is very difficult and it is quite well documented. You need an NDES server and you also need to install the Intune certificate connector on that server. You need to create an appropriate certificate template on your internal CA server. You have to give "enrol" rights to the NDES server account. Then you will need a certificate profile in Intune for handing certificates to Autopilot machines. See more at these links: https://oofhours.com/2020/04/05/intune-certificates-something-everyone-should-set-up/ https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure Cheers Brian
... View more
09-24-2020
09:50 AM
It actually looks like this configuration is correct. I reset my test laptop back to factory defaults and now it just works with only the machine certificate. Thanks, Brian
... View more
09-21-2020
06:13 AM
1 Kudo
Hello everyone, We are looking at using GP for the purposes of joining offsite computers to our domain via a process called offsite Azure Hybrid AD join. More details: https://oofhours.com/2020/05/23/digging-into-hybrid-azure-ad-join/ https://oofhours.com/2020/06/23/windows-autopilot-user-driven-hybrid-azure-ad-join-which-vpn-clients-work The basic premise is that the GP establishes a connection before login and then the user simply logs in, as if they were on the LAN. I have set this up and it works well, but there is one problem that probably scuppers the whole thing: in order to work, the computer needs BOTH a computer certificate and a user cerficicate. This is a problem because the VPN needs to connect BEFORE the user logs in, so there will be no user certificate available. I spoke to Palo support and they told me this is by design and pre-logon needs both certificates. This seems strange to me...surely this can work with only computer certificates? Settings Portal: Certificate profile containing internal PKI root and subordinate Authentication profile: points at an internal Radius server Cookies enabled for authentication override Config selection criteria: "any" user/user group Single external gateway Connect method: Pre-logon (always on) Gateway: Certificate profile containing internal PKI root and subordinate Authentication profile: points at an internal Radius server Cookies enabled for authentication override If anyone can offer any advise as to how to get this to work with only computer certificates that would be great. Thanks, Brian
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-03-2023
09:29 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks