Solved: MDM Server Cache

InfraISE2020 · ‎09-24-2020

Hi,

We have come across an issue that we hope you can help with.

Does anybody know if the posture cache setting applies to external MDM server? (see attached picture).

The reason i ask is that we've recently had an issue where 2 devices are being marked as non-compliant on ISE however they are showing as compliant on the external MDM server (i.e. Microsoft Intune).

Is there a way to delete this cache so that ISE checks against the MDM server as it appears to only be looking at the cached version on ISE.

For reference (and testing) we have set the external MDM server polling interval to 15 minutes and the Time Interval for compliance device reauth query to 1 minute however this doesn't seem to be working.

Any help is appreciated.

Thanks in advance.

pavagupt · ‎09-28-2020

For your query, Does anybody know if the posture cache setting applies to external MDM server?

"Cache Last Known Posture Compliant Status" is not applicable to MDM attributes refresh.

Can you cross verify from ISE (Context Visibility > Endpoints > Compliance dashboard, search for the endpoints where you have seen this issue) whether MDMCompliant attribute is updated to true/false ?

if it isn't reflecting MDMCompliant=true, you can do "Refresh MDM Partner Endpoint" from same context visibility MDM options.

View solution in original post

pavagupt · ‎09-28-2020

For your query, Does anybody know if the posture cache setting applies to external MDM server?

"Cache Last Known Posture Compliant Status" is not applicable to MDM attributes refresh.

Can you cross verify from ISE (Context Visibility > Endpoints > Compliance dashboard, search for the endpoints where you have seen this issue) whether MDMCompliant attribute is updated to true/false ?

if it isn't reflecting MDMCompliant=true, you can do "Refresh MDM Partner Endpoint" from same context visibility MDM options.