We are keen on considering an agentless ISE scenario in order to avoid adding another ‘agent’ on the endpoint. This will also be a requirement in dealing with endpoints that are not corporate managed, or non-supplicant devices (thermostats, cameras, etc.).
We know the ISE agent does posture assessment with simple or compound condition checks and remediation. No issue with that.
But, in the agentless scenario –
- can ISE do compliance checks for anti-virus and OS patch levels and offer a remediation link?
- check if hosts are part of the domain, or the security posture of the endpoint?
- We need a “quarantine” network/segment where endpoints that fail can obtain the required tools and software to be able to connect to the corp network.
thanks
ram