Cisco ISE Agentless Posture

ahmedsaif
Level 1

We are trying to implement Agentless Posture (ISE 3.1 Patch 8) in our environment. However, there are some concerns raised by the risk assessment team regarding some of the configurations.

1. Why can't the account configured for posturing (under Endpoint Scripts --> Endpoint Login Configuration) be linked directly to the AD, so that there is no password management on the ISE itself and password policies get applied on the AD?

2. Why would the account require local admin privileges on each and every machine in the organization, opening the door to possibilities for password leakage and the threat of compromising all machines as a result?

Has anyone faced the above in their environments, and what workarounds did they consider for them?

2 Replies

When configuring the admin account for Agentless posture we need to manually enter the password as well which is a security risk. Is there a way around this?

If these are of concern to you, don't use agentless posture.  You raise some of the exact concerns I share with my customers when they want to use Agentless Posture.  What is your use-case?  Why not use Cisco Secure Client ISE Posture or an MDM compliance check instead?  The Agentless Posture user experience is also very poor.