Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Jun 16, 2025

Entra ID F5 APM MDM Intune integration compliance check

We have a F5 APM with Entra ID Intune MDM integration for tunnel per-APP-VPN working and we perform cert based authentication, retrieve the UPN username from the certificate. Now we would like to in...
application delivery
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for MVP rankMVP
Jun 16, 2025

Thats unfortubatelly correct. Device ID is not availble though browser.

  • Marvin's avatar
    Marvin
    Icon for Cirrocumulus rankCirrocumulus
    Jun 20, 2025

    I have to  say it works like a charm using certificates i believe the built-in APM agent performs the compliance check via back POST call using the device ID I believe that would make the most sense correct?

     

    https://community.f5.com/kb/technicalarticles/migrating-f5-big-ip-apm-from-legacy-nac-service-to-compliance-retrieval-service/309398

     

    • Injeyan_Kostas's avatar
      Injeyan_Kostas
      Icon for MVP rankMVP
      Jun 20, 2025

      The problem is not the APM Agent who will do the call, is how you feed this agent with Device ID.
      Of course if you got a certificate device ID is there, but you are not getting a certificate through browser based authentication