Hi,
We have a requirement where we need to prevent any non-domain device to connect to a specific SSID. Below is the current scenario in which we need to provide solution:
1) Only user based authentication should be there
2) Personal mobile devices as well as machines should not be able to connect to this SSID
3) AD groups are not in place so segregation is not possible based on devices
Few options that could be possible according to me:
a) Logical profiles - Where I can mention only the corporate workstations OS to be allowed and then call this profile in authorization policy
b) AD profile - Since AD profiling can provide OS information, maybe create a custom profiling condition and respective policy and then call it in authorization policy. Not sure about performance impact for AD in this case
Any inputs appreciated. Thank you!