https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406160#M567440 <P>Hi Community,</P><P>&nbsp;</P><P>Here is the deal,</P><P>&nbsp;</P><P>We want enable&nbsp;Anomalous Endpoint Detection and Enforcement Features of ISE server. Do we need to have Plus licenses to enable mentioned features? I think for Anomalous endpoint enforcement we would need Plus licenses, because we would need to configure an authorization policy for that, but am not really sure and I didn't find any information on the community or elsewhere about this.</P><P>&nbsp;</P><P>Thank you in advanced.</P><P>&nbsp;</P><P>Regards,</P><P>Reynaldo Lopez</P> Thu, 20 May 2021 16:35:38 GMT reynaldolopeza 2021-05-20T16:35:38Z https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406160#M567440 <P>Hi Community,</P><P>&nbsp;</P><P>Here is the deal,</P><P>&nbsp;</P><P>We want enable&nbsp;Anomalous Endpoint Detection and Enforcement Features of ISE server. Do we need to have Plus licenses to enable mentioned features? I think for Anomalous endpoint enforcement we would need Plus licenses, because we would need to configure an authorization policy for that, but am not really sure and I didn't find any information on the community or elsewhere about this.</P><P>&nbsp;</P><P>Thank you in advanced.</P><P>&nbsp;</P><P>Regards,</P><P>Reynaldo Lopez</P> Thu, 20 May 2021 16:35:38 GMT https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406160#M567440 reynaldolopeza 2021-05-20T16:35:38Z https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406173#M567443 <P><SPAN>Do we need to have Plus licenses to enable mentioned features?</SPAN></P> <P><SPAN>-Yes since you would be utilizing profiling data to make an authorization policy decision. </SPAN></P> <P><SPAN>Example authz condition:&nbsp;</SPAN><SPAN>EndPoints·AnomalousBehaviour EQUALS True</SPAN></P> <P>&nbsp;</P> <P><SPAN>Not sure of your ISE version, but strongly suggest referencing&nbsp;the following for additional resources:</SPAN></P> <P><SPAN><A href="https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456#toc-hId-1312452864" target="_blank">ISE Profiling Design Guide - Cisco Community</A></SPAN></P> <P><SPAN><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/html/b_license_2_7.html" target="_blank">Cisco ISE 2.7 Admin Guide: Licensing - Cisco</A></SPAN></P> <P><SPAN><A href="https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/migration-guide-c07-744240.html" target="_blank">Products - ISE 3.0 License Migration Guide - Cisco</A></SPAN></P> Thu, 20 May 2021 16:53:02 GMT https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406173#M567443 Mike.Cifelli 2021-05-20T16:53:02Z https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406265#M567448 <P>Hi Mike,</P><P>&nbsp;</P><P>Thank you for your quick reply and additional resources.</P><P>&nbsp;</P><P>So just to be sure, ISE license count would increase every time an endpoint hits the <SPAN>authz&nbsp;</SPAN>Policy "<SPAN>EndPoints·AnomalousBehaviour EQUALS True"?</SPAN></P><P>&nbsp;</P><P><SPAN>We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?</SPAN></P><P>&nbsp;</P><P><SPAN>Kind regards,</SPAN></P><P><SPAN>Reynaldo</SPAN></P><P>&nbsp;</P><P><SPAN>Kind regards,</SPAN></P><P><SPAN>Reynaldo</SPAN></P><P>&nbsp;</P> Thu, 20 May 2021 19:39:31 GMT https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406265#M567448 reynaldolopeza 2021-05-20T19:39:31Z https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406541#M567459 <P>So just to be sure, ISE license count would increase every time an endpoint hits the<SPAN>&nbsp;</SPAN><SPAN>authz&nbsp;</SPAN>Policy "<SPAN>EndPoints·AnomalousBehaviour EQUALS True"?</SPAN></P> <P>-Yes.</P> <P><SPAN>We have Base licenses for 2500 endpoints, but if above behaviour is true, we could be fine with just 100 Plus license for anomalous behaviour Endpoints?</SPAN></P> <P><SPAN>-Depends on your requirements.&nbsp; Technically when a plus license feature is consumed it is a 1:1 ratio and will consume base+plus licenses.&nbsp; In live logs under license types you see the following:</SPAN></P> <TABLE class="content_table" border="0"> <TBODY> <TR> <TD width="69%">Base and Plus license consumed</TD> </TR> </TBODY> </TABLE> <P>To reiterate:&nbsp;<SPAN>One Plus feature license is required for each endpoint that is actively authenticated to the network and where profiling data is used to make an Authorization Policy decision.</SPAN></P> Fri, 21 May 2021 11:34:29 GMT https://community.cisco.com/t5/network-access-control/ise-anomalous-endpoint-detection-and-enforcement-licenses/m-p/4406541#M567459 Mike.Cifelli 2021-05-21T11:34:29Z