Showing results for 
Search instead for 
Did you mean: 

ISE Posture status

Level 1
Level 1


the % of postured devices in my network shows at around 49% even though the all of the netwrok devices that are required for postured are passing the posture check.

i started looking it up and noticed that every device that is not posture capable is in the "unknown" state. i've also made sure that my deafult compliance state is "compliant"

Thank you for the help

5 Replies 5

Cisco Employee
Cisco Employee

Is your question why the % of Compliant end points are low? If yes, it clearly depends on the end point & the end point could be in one of the following posture status:

Unknown: No data was collected in order to determine posture state.

Noncompliant: A posture assessment was performed, and one or more requirements failed.

Compliant: The endpoint is compliant with all mandatory requirements.

- Krish


thank you for the quick reply.

Yes, my problem is with the low % level of the total complaint endpoints on my dashboard, its doesnt make sense to me that it should count devices that are not posture applicable in that gauge, and I assumed that this what the default compliance setting is for.

and I’m aware of the different posture states, but this is different because those endpoints are not even posture applicable so it shouldnt apply to them.

thank you,


In order for an endpoint not ISE-posture capable, such as Apple iOS devices, to move from unknown to compliant, the user needs to access the browser and click on start. Thus, if the endpoints not able to do so, I would suggest to assign them to a logical profile or a specific endpoint group and bypass posture on them, by not check Session:PostureStatus.

Level 1
Level 1

I Don’t check the posture status for those endpoints.

i Do MAB bypass for them(I check identit group membership and profile as the condition), and if they pass they get a dacl and access-accep, so that’s why I don’t understand why they have a posture status in the first place.

Will need further analysis to understand what is going on. I'd recommend to engage TAC & debug further. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: