This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DanielVd
Explorer
‎2023-01-25 07:52 AM

Endpoint Security VPN on Azure AD Joined PC

Good evening everyone, for the past few weeks I've been going crazy trying to get the VPN working on a PC deployed via Intune (so it's an Azure AD Joined PC), but the machine is in no way recognised by the firewall and therefore does not match any policy.

I believe that this malfunction is related to the fact that we use authentication via a certificate, but this is not loaded on the machine in Azure AD. Am I on the right way or is there something else to check?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-01-25 06:38 PM

If you're using Azure AD, the entire authentication must occur with Azure AD (i.e. via SAML) in order to get the group information.
This applies regardless of the authentication method you specify in Azure AD.
That also implies your certificates need to come from Azure AD. 

0 Kudos
DanielVd
Explorer
‎2023-01-25 11:48 PM
In response to PhoneBoy

Thanks PhoneBoy. Can you link me to any guides explaining how to configure the remote access section? I have found several, but I cannot get the desired result.

0 Kudos
Nüüül
Advisor
‎2023-01-26 12:06 AM
In response to DanielVd

Hi Daniel,

 

as phoneboy said, you will need to setup SAML Authentication against Azure IDP for being able to do something there. 

check out those videos - that helped me a lot in configuring something like that:

https://www.youtube.com/watch?v=172xGxqQvhI
https://www.youtube.com/watch?v=yZVB3sJ3fZ8

Basically your client check is than done by Azure within a conditional access ruleset. Gateway only receives a "OK" or "not OK" including some attributes (i.e. group memberships, maybe Machine attributes are possible too)

So there is nothing like an on prem AD on your site, where machine accounts are replicated to - so one could then go via ldap account unit...?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events