https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3843486#M473621 <P>My ISE environment is doing posture.&nbsp; One of the posture requirements is that the computer must be on the domain.&nbsp; We are checking for a certain registry entry to confirm that the machines are on the domain.</P><P>&nbsp;</P><P>I have a use case where we have a handful of laptops that are not on our domain but we want them to be able to use the corporate network just like any other user.&nbsp; Is there a way I can put a bypass in based on MAC address so these laptops don't have to be on the domain?</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 23 Apr 2019 20:10:00 GMT Andy Guley 2019-04-23T20:10:00Z https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3843486#M473621 <P>My ISE environment is doing posture.&nbsp; One of the posture requirements is that the computer must be on the domain.&nbsp; We are checking for a certain registry entry to confirm that the machines are on the domain.</P><P>&nbsp;</P><P>I have a use case where we have a handful of laptops that are not on our domain but we want them to be able to use the corporate network just like any other user.&nbsp; Is there a way I can put a bypass in based on MAC address so these laptops don't have to be on the domain?</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 23 Apr 2019 20:10:00 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3843486#M473621 Andy Guley 2019-04-23T20:10:00Z https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3844085#M473624 There are several ways you can approach this. One way you can accomplish this is by setting up your Client Provisioning Policy 'other conditions' to match on an external source (AD) or internal endpoint groups. This would force posture assessment on your known assets and other assets would bypass the policy therefore not need to be scanned. HTH! Wed, 24 Apr 2019 12:14:31 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3844085#M473624 Mike.Cifelli 2019-04-24T12:14:31Z https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3844258#M473627 <P>I suggest you refer the prescriptive deployment guide here -&nbsp;<A href="https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273" target="_self">Posture Prescriptive Deployment Guide</A></P> <P>Thanks,</P> <P>Nidhi</P> Wed, 24 Apr 2019 15:34:18 GMT https://community.cisco.com/t5/network-access-control/ise-2-2-posture-bypass/m-p/3844258#M473627 Nidhi 2019-04-24T15:34:18Z