Next Microsoft API change will break third-party device authentication


An impending change to Microsoft’s Intune APIs will break mobile device management (MDM) identity support from vendors such as Cisco, Citrix, and F5.

Earlier this year, Microsoft decided that on December 31, 2022, it would deprecate the use of MAC addresses in Intune’s Network Access Control (NAC) API, which the software currently uses to identify device hardware.

Instead, Intune will identify devices using their globally unique identifier (GUID).

However, software such as Cisco’s Identity Services Engine (ISE) uses MAC addresses to identify endpoints, and this service will fail when deprecation takes effect.

As the company explains in this field notice, “ISE integrates with Microsoft Intune to determine ownership or registration of enterprise assets, as well as security compliance.”

“For ISE 3.0 or earlier versions, or any ISE 3.1 or later deployment using the Microsoft Intune APIv2 MDM integration, API requests to Intune will fail and Intune-managed endpoints will appear as ‘unregistered’. ISE will also trigger an alarm that the Intune API is inaccessible,” the field advisory reads.

Cisco supports the change in ISE 3.1 and later, but that doesn’t mean the upgrade will be easy for IT shops: setting up the software for the Intune MDM APIv3 integration requires installing certificates on all Intune endpoints and confirming that these certificates are used for network authentication.

There could be other headaches: “For VPN-based endpoints, there is no workaround yet. It is suggested to use ISE posture to verify security compliance as an alternative to verifying against Intune,” the field advisory states.

Administrators running Citrix Gateway and F5 BIG-IP systems face similar upgrade and configuration tasks.

Release notes for F5’s update to BIG-IP version 17.0.0 are available here.

Depending on their current environment, Citrix Application Delivery Controller users will need to upgrade to 13.1-12.51 or 13.0-84.11.

Microsoft’s advice regarding the API change is here.

