
Windows 10 patch management

afahmy
Cisco Employee

Hi all,

As I haven't had the chance to test or try that myself, please advise if there are known issues in getting SCCM integration to work with ISE + AnyConnect posture for the purpose of patch management (customer wants to make sure endpoint has the most up to date patches before it's allowed on the network).

Thanks,

Ahmed.

1 Accepted Solution


Craig Hyps
Level 10

Per direct communication, here is reference guide: ISE Design & Integration Guides

You also noted that TAC case opened but concern was delay in seeing resolution, so this post does not provide much for anyone to go on other than "Any known issues".   Per phone call, recommend:

  • Communicate delay in resolution with TAC Duty Manager
  • Review SCCM Integration Guide
  • ISE 2.3 adds some enhancements for backend Microsoft patch level checking with SCCM.
  • If specific question or issue, then detail that rather than general "any issues" to allow TMEs or other SMEs to provide direct feedback to specific issue.  Otherwise it is too vague. 

Goal of this community is not to be a TAC escalation forum so want to make sure that issues already in the hands of TAC are escalated through proper channels.  If looking for feedback on resolution or solicit experience, that is acceptable, but open queries like this likely will not achieve desired outcome.


2 Replies


paul
Level 10

Ahmed,

In addition to what Craig said, you have to be very careful about this statement you made:

"customer wants to make sure endpoint has the most up to date patches before it's allowed on the network."


Any time I see a statement like "Customer wants to block access before posture is known" I cringe a bit. You need to have a clear understanding of when posture status is reported and what you will break if you are too restrictive in the posture unknown state.
