Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
256
Views
0
Helpful
1
Replies

ISE Function

peteryouhannafawzy
Level 2
Level 2

‎01-01-2016 11:42 PM - edited ‎03-10-2019 11:21 PM

ISE Licence :-

i need to know what is the difference between Bring Your Own Device (BYOD) with built-in Certificate Authority Services in the PLUS licence and Third Party Mobile Device Management (MDM) in the Apex licence .

THanks alot

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-02-2016 10:34 AM

BYOD with internal CA is to enable you to register non-corporate devices and allow you to issue certificates to devices for use as a persistent identity attribute.

Third party MDM allows you to query an external product for characteristics of the supplicant device and use the returned value in making AuthC and AuthZ decisions.

As described in the ISE Admin Guide:

Mobile Device Management (MDM) servers secure, monitor, manage, and support mobile devices deployed across mobile operators, service providers, and enterprises. MDM enforces policy on endpoints. As it is network blind it cannot force users to register their device and comply with policy. ISE can be made aware of policy that requires devices comply with MDM policy, so that ISE can make the users to register the devices. If the ISE device policy requires MDM and the device is not compliant with MDM, then ISE redirects the user to the MDM onboarding portal, prompting the user to update the device to get network access. ISE can also allow Internet-only access to users who decline MDM compliance.

0 Helpful
Customers Also Viewed These Support Documents