08-28-2018 06:14 AM
Our authorization results of machines with OS X High Sierra are as follows:
- Sometimes recognized correctly as High Sierra and allowed on to our internal network as designed
- Sometimes recognized as mobile devices that belong on the personal non-corporate network (but still provided an internal IP)
No other OS is acting like this when authorizing. Should we be looking at policies or OS X settings?
Solved! Go to Solution.
08-28-2018 06:25 AM
You need to look at the data collected by profiling to determine what is making it a mobile device vs. High Sierra. How are you even getting them profiled as Sierra devices? The default profile only has User Agent matching which means you would have to bring the device into an ISE portal to collect that information or span Internet traffic to ISE (not feasible).
08-28-2018 06:15 AM
08-28-2018 06:25 AM
You need to look at the data collected by profiling to determine what is making it a mobile device vs. High Sierra. How are you even getting them profiled as Sierra devices? The default profile only has User Agent matching which means you would have to bring the device into an ISE portal to collect that information or span Internet traffic to ISE (not feasible).
08-28-2018 01:28 PM
I also thought a client provisioning portal can collect user agent data? So if you have any posture redirects to a client provision portal you should be gathering that data also.
Are these corporate devices? Are they added to a windows Domain? If so you can gather Mac OS X operating system from a domain query and build a profile based on that info.
08-28-2018 01:32 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide