Hi

About to go live with ISE 2.0 with latest patch.  We are using a BYOD portal to on board partner devices to connect to main WLAN, so we connect by a on boarding page, a partner requires AD credentials and a certificate is then dropped on to their Windows or Mac Device.

The CIO enrolled his Mac on to the system, no issues, but then about 8 days later couldn't connect, kept asking which certificate to use.

Looking on the logs a Endpoint Purge had removed him from the system, this by default should be 30 days, I added the MAC Address back in to the filter and it started working again.

My question is what would cause a device to be purged from the ISE after 8 days by a procedure that should only accord after 30 days?

I've since disabled this, but would like to understand why it happened.