Wanted to get a feel as to how those of you in the Enterprise space (maybe 1000+ employees) are using ISE. Primarily for guests? Special network needs or have you rolled it out to every port on your network?
Am evaluating various deployment scenarios and considering the associated pain that might go along with each. Potentially could start with a simple "trusted" device vs. "un-trusted" device where "trusted" means there are valid credentials provided PLUS an org provided certificate installed on the machine and provided during authentication. That might be too cumbersome, however and could look at just checking for the presence of a registry key or equivalent depending on the platform. This would still be messy with mobile devices I assume, but might be a good starting point.
Interested to hear how those of you are using ISE In the wild, however.