Here is a rough approximation of what I'm doing:

            var envelope = new XmlDocument();

            var ns = new XmlNamespaceManager(envelope.NameTable);
            ns.AddNamespace("ns3", "identity.ers.ise.cisco.com");

            var requestNode = envelope.CreateElement("ns3", "endpointBulkRequest", "identity.ers.ise.cisco.com");

            var mtAttr = envelope.CreateAttribute("resourceMediaType");
            mtAttr.InnerText = "vnd.com.cisco.ise.ers.identity.endpoint.1.0+xml";
            requestNode.Attributes.Append(mtAttr);

            var otAttr = envelope.CreateAttribute("operationType");
            otAttr.InnerText = "create";
            requestNode.Attributes.Append(otAttr);

            var resourceList = envelope.CreateElement("ns3","resourcesList", "identity.ers.ise.cisco.com");

            var i = 0;
            foreach (var mac in macs)
            {
                var description = descriptions[i];
                i++;
                var resource = envelope.CreateElement("ns3", "endpoint", "identity.ers.ise.cisco.com");

                // Add attributes to the endpoint element
                var descAttr = envelope.CreateAttribute("description");
                descAttr.InnerText = description;
                resource.Attributes.Append(descAttr);

                var nameAttr = envelope.CreateAttribute("name");
                nameAttr.InnerText = $"Device MAC: {mac}";
                resource.Attributes.Append(nameAttr);

                // Add child elements to the endpoint element
                var groupId = envelope.CreateElement("groupId");
                groupId.InnerText = _config.IseGroupId;
                resource.AppendChild(groupId);

                var identityStore = envelope.CreateElement("identityStore");
                resource.AppendChild(identityStore);

                var identityStoreId = envelope.CreateElement("identityStoreId");
                resource.AppendChild(identityStoreId);

                var macElem = envelope.CreateElement("mac");
                macElem.InnerText = mac;
                resource.AppendChild(macElem);

                var staticGroupAssignment = envelope.CreateElement("staticGroupAssignment");
                staticGroupAssignment.InnerText = "true";
                resource.AppendChild(staticGroupAssignment);

                var staticProfileAssignment = envelope.CreateElement("staticProfileAssignment");
                staticProfileAssignment.InnerText = "false";
                resource.AppendChild(staticProfileAssignment);

                resourceList.AppendChild(resource);
            }

            requestNode.AppendChild(resourceList);
            envelope.AppendChild(requestNode);

And that is being sent to `https://{my-instance}:9060/ers/config/endpoint/bulk`

And it works fine, except when a MAC address (endpoint) is already in the system (perhaps in another identity group, perhaps just unattached, I haven't checked), in which case it will not be added to the current identity group.  How can I overcome this?