09-28-2017 11:40 AM
Looks like registered BYOD endpoints were purged because of the default 30 day policy for a PoV. Tried to manually put their MACs back into the RegisteredDevices endpoint group (instead of 'profiled') but for some reason they still failed the Authentication because the group didn't match the policy step. Is this method supported?
Other endpoints we had them manually forget the SSID, rejoin via PEAP and kickoff another onboarding flow (acquiring certs). It would be great if we could manually put macs back into the group instead of that.
Solved! Go to Solution.
09-28-2017 12:51 PM
Gary,
Is your AuthZ rule looking for the endpoint in the RegisteredDevices group or are you trying to match on the BYOD flag for Device Registration? If the latter, can you try a bulk import of those devices and make sure you set the BYODRegistration status to Yes?
During the bulk import, new endpoints are added along with the defined attributes whereas existing endpoints will be updated. When you manually add the endpoint, you are not given the option to set the BYODRegistration field.
-Thomas
09-28-2017 12:51 PM
Gary,
Is your AuthZ rule looking for the endpoint in the RegisteredDevices group or are you trying to match on the BYOD flag for Device Registration? If the latter, can you try a bulk import of those devices and make sure you set the BYODRegistration status to Yes?
During the bulk import, new endpoints are added along with the defined attributes whereas existing endpoints will be updated. When you manually add the endpoint, you are not given the option to set the BYODRegistration field.
-Thomas
09-28-2017 02:31 PM
Yes we were matching on the BYOD flag. I'll test that out.
Would the endpoint purge clear this flag? Seems like it would if the endpoint is gone.
09-28-2017 02:38 PM
Yes it would
09-28-2017 03:48 PM
Thanks all
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide