Hello,
I have configured Cisco AnyConnect with Azure AD as a SAML IdP, and I want to use Conditional Access (device compliance) to restrict access to the VPN.
However, I have encountered a small problem: AnyConnect uses an integrated browser, and by default it can't see the system certificates or use them for device identification. Because of that, Azure AD can't see the device identifier (identity certificate) [https://i.imgur.com/87DYqO5.png]. Certificates must be imported into AnyConnect manually or via MDM, URI, or SCEP. On Android this can be done easily by enabling browser access in the Company Portal [https://i.imgur.com/6RC2Uc0.jpg]; however, iPhone doesn't have such an option.
Is there a way to share (or use a different) Azure AD identity certificate with AnyConnect on iPhone, and use it for the IdP and Conditional Access?
Intune can deploy the VPN profile to the client devices. The VPN profile can define the certificate to be used for authentication, but I didn't find a way to specify an Azure AD-issued certificate, only a custom one.