We are implementing Azure, and I was wondering if it was possible to configure the BIG-IP such that:
User authentication goes to a URL in which we've enabled federation (i.e., SAML) authentication.
Intune and device management requests bypass this URL and go to the Microsoft SSO URL, and then, after SSO, the device communicates directly with Azure.
I've looked into the network information for both Office 365 and Intune, and there's a lot of different endpoints available. It's almost like it would be too complex to manage, but I thought I would ask.
Did you ever make progress on this? We're having issues getting users registered with Intune, with on-premise Big-IP (v15) as IDP (no AD FS).
It looks like WS-Trust is a MUST from Azure's perspective, still not sure whether it's supported though (I'm opening an SR to ask F5, docs are hazy)...
