Solved: Re: MDM Lookup to gain attributes only?

Josh Morris · ‎03-02-2021

I am trying to gain access to more attributes such as MacOS version since Apple may stop putting the version number in the User Agent field. I have JAMF as an MDM and already use it to validate compliance for VPN clients. I'm wondering if anyone has used an MDM lookup strictly as a means to gain more attributes for a device. I know reaching out to MDM for authZ can add additional connectivity time, so I'm not really wanting to do that. But is there another way for me to reach out to the MDM to check a device?

Greg Gibbs · ‎03-03-2021

The MDM API is mainly intended to validate Registration/Compliance status of the endpoint from the MDM/DDM and is only triggered by an AuthZ Policy that uses those attributes.

The ideal mechanism for external systems to share endpoint contextual data with ISE would be via pxGrid, but JAMF would need to develop a pxGrid publisher mechamism that ISE could then consume as a subscriber.

View solution in original post

Greg Gibbs · ‎03-03-2021

The MDM API is mainly intended to validate Registration/Compliance status of the endpoint from the MDM/DDM and is only triggered by an AuthZ Policy that uses those attributes.

The ideal mechanism for external systems to share endpoint contextual data with ISE would be via pxGrid, but JAMF would need to develop a pxGrid publisher mechamism that ISE could then consume as a subscriber.