Dear all,

Do we have a newer version of integration guide with Airwatch, the above link to ISE Design & Integration Guides does not have any information, and the one in https://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/AirWatchISE.pdf is dated 2013.

Our customer would also like to know about how to identify and allow only corporate Android devices without using certificate due to lock screen issue Disabling Android Lock Screen - SecureW2.

Other than MDM approach, is there any easier approach?

Tommy

Please reach out to airwatch for updated docs on their side since ours hasn’t changed much.

If you’re not using MDM or certs to separate the types of devices then I would think you could build an endpoint group with all the corporate device MAC addresses.

There might be other ways as well perhaps profiling on a sort of hardware that corporate has purchased but then you risk the case if someone has one as a personal device as well?

Adding to Jason's. Custom attributes for endpoints are available since ISE 2.1 and we may also use a specific set of users, nice long passwords, and different SSID, etc.

Android lock screen is a security feature and it's good for handsets. If your use case is kiosk or the like, you should probably consider a different client OS or propose to Google Android team to make it optional.