ISE - MDM Questions

gugonza2
Cisco Employee

Hi Team,

I have a customer who is evaluating Cisco ISE for wireless access and mobile endpoints (iPhones and Android devices). They have VMware MDM to manage the mobile devices, and they want to know details about ISE - MDM integration. They have some questions and I would like some suggestions or comments about them:

Are the ISE Plus licenses necessary for Profiling using MDM?

As I understand, the Plus license is needed for Profiling; MDM will manage the devices and ISE will provide the access control for devices. Using ISE Profiling we can create authorization policies associated with specific types of endpoints. The customer is asking about this license requirement in ISE because they understand that MDM does the Profiling and ISE Base would be enough. I would like to confirm. Any comments?

Are the ISE Apex licenses necessary for MDM - ISE integration?

Today they are trying ISE (PoV) as an access control mechanism using certificates to authenticate and authorize the mobiles to wireless resources, but they don't have ISE - MDM integrated. For ISE - MDM integration they will need Apex licenses, but they want to know the advantages of using the integration.

Please, your comments and suggestions.

Guillermo.

1 Accepted Solution

Jason Kunst
Cisco Employee
If you want to tie MDM compliance with network access then you will need the APEX license.
https://community.cisco.com/t5/security-documents/cisco-ise-byod-prescriptive-deployment-guide/ta-p/3641867#toc-hId-966257778

If MDM compliant, then permit full access.
If MDM non-compliant, then redirect to MDM portal and restrict access.

If you simply use MDM to push out certificates for wireless dot1x and do not tie it together with compliance, you can just have a Base license.

Profiling is not required to do MDM.

Please see the ordering guide for more information, page 20:
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf


3 Replies

MDM requires an Apex license, and ISE will use the sub licenses also, so you would need base/plus/apex to use MDM.

Thx Jason and Dustin. Thanks a lot for clarification.