05-23-2022 03:29 AM
Hi guys,
Do you have any recommendation/best practice for how to purge inactive endpoints from the database, in order to keep it clean and tidy, let's say, anything inactive for more than 100 days?
I am running Cisco ISE 3.1 with Essential licensing.
Thanks a lot!
Milos
05-23-2022 03:38 AM
M.
05-23-2022 03:55 AM
Hi marc1000,
Thanks for the reply; just referring to the manual is not very helpful in this case.
I would like to see some real world examples for this, if someone is using any purge policy effectively in their deployment for purging inactive endpoints.
05-23-2022 07:19 AM
It may be somewhat different between environments and how the groups are effectively used, how they are initially populated (dynamic vs static), and how quickly they grow.
For example I've frequently seen deployments where the purge policy for guest endpoints is set to purge after 30 days (sometimes less).
I know of an environment where a group is primarily used to identify devices being staged, and the purge policy on that group is only a few days (since, effectively, the endpoint should have been moved into another group post staging anyway).
60/90/120 inactive-days is what I frequently run into for different groups/use cases, but I also see an even longer time and/or combination with "never purge" for certain groups.
It really is an "it depends".
05-23-2022 07:19 PM
Hi @milos_p ,
I prefer to use a combination of Conditions in a Purge rule, for example:
NotRegistered-Inactivity:
(EndpointPurge.DeviceRegistrationStatus Equals NotRegistered) AND (EndpointPurge.InactiveDays GreaterThan 30)
I also use the ElapsedDays in some cases, for example:
Portal-Test
(Portal-Test) AND (EndpointPurge.ElapsedDays GreaterThan 1)
Note:
1. at Context Visibility > Endpoints > Authentications you are able to check the Dashboard - Inactive Endpoints.
2. at Operations > Report > Reports > Audit > Endpoints Purge Activities, you are able to check your Purge rules.
Hope this helps !!!
05-24-2022 12:27 AM
Hi Marcelo,
This is super useful, especially report for Endpoint Purge Activities, thanks a lot!
Do you know an easy way to display all endpoints with Inactive days larger than X (let's say, I want to see all endpoints with inactive days more than 30, etc.)?
I found a way to export all endpoints to CSV and find it from there, but a view/report from ISE GUI would be more useful.
Regards,
Milos
05-24-2022 06:12 AM
Hi @milos_p ,
at Context Visibility > Endpoints > Authentication > Inactive Endpoints dashboard, you are able to see and select (like a filter) the Inactive Endpoints:
After selecting, the list of Inactive Endpoints (23723 in the example above) will be listed below (this is a way "to see all endpoints with inactive days more than").
Hope this helps !!!
05-24-2022 06:30 AM
Hi Marcelo,
I am still not sure if that "INACTIVE ENDPOINTS" chart will present all inactive endpoints, or just those for a certain amount of time, as it looks like the chart is divided into 30 columns, so I guess it will show the last 30 days.
Now, clicking on the chart on a certain date puts "Inactive since X days" in the filter and shows endpoints only for that date, not before or after; I tested it.
You can try to click on your chart on a bar before or after the one with 23723 endpoints, and see if it will bring you 23723+X or just endpoints from that day.
For me, it shows only for the day that I clicked on the chart.
Thanks a lot!
Milos
05-24-2022 02:51 PM
Hi @milos_p ,
yes, your understanding is correct.
When you click on the column, the filter is applied to all Endpoints that are inactive for exactly X days:
Regards
05-24-2022 03:06 PM
Hi Marcelo,
Great, so I understood it correctly; it's exactly X days.
Is there a trick so I can see endpoints inactive for more than X days?
Regards,
Milos
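Short of a GUI view, the CSV export Milos mentions can be post-processed. The script below is an added example for this thread, not code from the original posts or from Cisco. It reads an export, derives the two counters that the purge conditions in Marcelo's accepted answer use (InactiveDays as whole days since the endpoint was last seen, ElapsedDays as whole days since the endpoint record was created), lists every endpoint inactive for more than X days, and dry-runs those two purge rules so you can see what they would remove before scheduling them. The column names (MACAddress, IdentityGroup, DeviceRegistrationStatus, LastSeen, CreatedTime), the timestamp format and the sample rows are assumptions: match them to the header line of your own export.

```python
import csv
import io
import sys
from datetime import datetime

# Timestamp format and column names are assumptions: check them against the
# header line of your own Context Visibility export and adjust.
FMT = "%Y-%m-%d %H:%M:%S"
# Fixed "as of" time so the example is reproducible; use datetime.now() on a real export.
NOW = datetime(2022, 5, 24, 0, 0, 0)

# Constructed sample export (not real data).
SAMPLE_CSV = """MACAddress,EndPointPolicy,IdentityGroup,DeviceRegistrationStatus,LastSeen,CreatedTime
00:11:22:33:44:01,Windows-Workstation,Workstation,NotRegistered,2022-03-01 10:00:00,2021-06-01 08:00:00
00:11:22:33:44:02,Windows-Workstation,Workstation,Registered,2022-03-01 10:00:00,2021-06-01 08:00:00
00:11:22:33:44:03,Unknown,Portal-Test,NotRegistered,2022-05-22 09:00:00,2022-05-20 09:00:00
00:11:22:33:44:04,Apple-Device,Workstation,NotRegistered,2022-05-23 00:00:00,2022-05-23 00:00:00
00:11:22:33:44:05,HP-Printer,Printers,NotRegistered,2021-12-01 00:00:00,2020-01-01 00:00:00
"""


def load_endpoints(text, now=NOW):
    """Parse the export and add the two counters the purge conditions use:
    InactiveDays = whole days since LastSeen, ElapsedDays = whole days since CreatedTime."""
    endpoints = []
    for row in csv.DictReader(io.StringIO(text)):
        last_seen = datetime.strptime(row["LastSeen"], FMT)
        created = datetime.strptime(row["CreatedTime"], FMT)
        row["InactiveDays"] = (now - last_seen).days
        row["ElapsedDays"] = (now - created).days
        endpoints.append(row)
    return endpoints


def inactive_more_than(endpoints, days):
    """The view the GUI chart does not give directly: every MAC inactive for MORE than `days`."""
    return [e["MACAddress"] for e in endpoints if e["InactiveDays"] > days]


# The two purge rules from the accepted answer, as predicates over one endpoint row.
PURGE_RULES = [
    ("NotRegistered-Inactivity",
     lambda e: e["DeviceRegistrationStatus"] == "NotRegistered" and e["InactiveDays"] > 30),
    ("Portal-Test",
     lambda e: e["IdentityGroup"] == "Portal-Test" and e["ElapsedDays"] > 1),
]


def evaluate_purge(endpoints, rules=PURGE_RULES):
    """Dry-run the purge policy. Each endpoint is credited to the first rule that matches it
    (rule order as written); endpoints matching no rule are listed under "kept"."""
    outcome = {name: [] for name, _ in rules}
    outcome["kept"] = []
    for e in endpoints:
        for name, matches in rules:
            if matches(e):
                outcome[name].append(e["MACAddress"])
                break
        else:
            outcome["kept"].append(e["MACAddress"])
    return outcome


if __name__ == "__main__":
    # Usage: python purge_preview.py [export.csv] [threshold_days]
    text = open(sys.argv[1], newline="").read() if len(sys.argv) > 1 else SAMPLE_CSV
    threshold = int(sys.argv[2]) if len(sys.argv) > 2 else 100
    now = datetime.now() if len(sys.argv) > 1 else NOW
    eps = load_endpoints(text, now)
    print(f"Inactive for more than {threshold} days:", inactive_more_than(eps, threshold))
    for rule, macs in evaluate_purge(eps).items():
        print(f"{rule}: {len(macs)} endpoint(s) {macs}")
```

The dry-run is a pre-check only: ISE's scheduled purge job evaluates its own counters, so confirm what actually happened afterwards in Operations > Report > Reports > Audit > Endpoints Purge Activities. Note also that the sample endpoint with DeviceRegistrationStatus Registered is inactive for 83 days yet matches no rule, which is the point of combining conditions rather than purging on InactiveDays alone.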
05-24-2022 07:33 PM
01-06-2025 11:19 AM
Hey Marcelo!
Is there something similar for inactive Network Devices? I have hundreds of network devices that have been retired and not cleaned up. Is there a purge option for something like that?
01-06-2025 11:51 AM
Hi @JasonPawlowski6638 ,
the Endpoint Purge (at Administration > Identity Management > Settings) is for Endpoints only !!!
At Administration > Network Resources > Network Devices > you can select the Network Devices and choose Delete > Delete Selected.
To check the Authentications of a Network Device:
Hope this helps !!!
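For hundreds of retired devices, clicking through Delete > Delete Selected gets tedious, and the ERS REST API exposes the same object (the network device resource under /ers/config/networkdevice). The script below is an added example, not code from the thread or from Cisco: it pages through the ERS listing, resolves a list of retired device names to their ERS ids, reports any names ISE no longer has instead of guessing, and only issues DELETE calls when run with --delete. The HTTP layer is separated from the planning logic so the plan can be exercised offline against constructed responses. Assumptions: ERS is enabled with an ERS admin account on port 9060, the listing returns the SearchResult/resources/nextPage shape, DELETE answers 204, and you already hold a list of retired device names (one per line); verify these details against the ERS documentation for your ISE version.

```python
import base64
import json
import ssl
import sys
import urllib.request

NETDEV_LIST = "/ers/config/networkdevice?size=100&page={page}"  # 100 is the ERS page maximum
NETDEV_ITEM = "/ers/config/networkdevice/{id}"


def make_ers_client(base_url, username, password, cafile=None):
    """Return (get_json, delete) closures over the ERS API using HTTP basic auth.
    Pass the CA that issued the ISE admin certificate as `cafile` rather than disabling TLS checks."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    ctx = ssl.create_default_context(cafile=cafile)
    headers = {"Authorization": "Basic " + token, "Accept": "application/json"}

    def call(method, path):
        req = urllib.request.Request(base_url + path, method=method, headers=headers)
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, resp.read()

    def get_json(path):
        return json.loads(call("GET", path)[1])

    def delete(path):
        return call("DELETE", path)[0]  # assumption: ERS answers 204 on a successful delete

    return get_json, delete


def iter_network_devices(get_json):
    """Walk the paginated listing, yielding (name, id); stops when SearchResult carries no nextPage link."""
    page = 1
    while True:
        result = get_json(NETDEV_LIST.format(page=page))["SearchResult"]
        for r in result.get("resources", []):
            yield r["name"], r["id"]
        if "nextPage" not in result:
            return
        page += 1


def plan_deletions(devices, retired_names):
    """Map retired names to ERS ids; names ISE no longer has are reported, never guessed."""
    wanted = set(retired_names)
    found = {name: dev_id for name, dev_id in devices if name in wanted}
    missing = sorted(wanted - found.keys())
    return found, missing


def delete_retired(get_json, delete, retired_names, dry_run=True):
    """Returns [(name, id, status)] where status is 'dry-run' or the HTTP status of the DELETE."""
    found, missing = plan_deletions(iter_network_devices(get_json), retired_names)
    for name in missing:
        print(f"not in ISE (already removed or misspelled): {name}", file=sys.stderr)
    results = []
    for name, dev_id in sorted(found.items()):
        status = "dry-run" if dry_run else delete(NETDEV_ITEM.format(id=dev_id))
        results.append((name, dev_id, status))
    return results


# Constructed two-page ERS listing for the offline demonstration; not real data.
FAKE_PAGES = {
    1: {"SearchResult": {"total": 3,
                         "resources": [{"id": "a1", "name": "sw-core-01"},
                                       {"id": "b2", "name": "sw-old-05"}],
                         "nextPage": {"rel": "next",
                                      "href": "https://ise.example.com:9060/ers/config/networkdevice?size=100&page=2"}}},
    2: {"SearchResult": {"total": 3, "resources": [{"id": "c3", "name": "wlc-old-02"}]}},
}


def fake_get_json(path):
    return FAKE_PAGES[int(path.rsplit("page=", 1)[1])]


if __name__ == "__main__":
    # Usage: python ers_prune.py https://ise.example.com:9060 ersadmin 'password' retired.txt [--delete]
    if len(sys.argv) >= 5:
        get_json, delete = make_ers_client(sys.argv[1], sys.argv[2], sys.argv[3])
        names = [line.strip() for line in open(sys.argv[4]) if line.strip()]
        dry = "--delete" not in sys.argv
    else:  # no arguments: run the plan against the constructed pages
        get_json, delete = fake_get_json, (lambda path: 204)
        names, dry = ["sw-old-05", "wlc-old-02", "sw-gone-09"], True
    for row in delete_retired(get_json, delete, names, dry_run=dry):
        print(*row)
```

Run it once without --delete and compare the printed plan with the retirement list before letting it delete; ERS deletes are immediate and the configuration change audit is the only record left of them.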