In ISE 2.2, just want to clarify whether the ISE WMI Passive ID provider supports retrieving AD logoff messages directly from the Domain Controllers as part overall logoff detection, or is WMI logoff detection currently only supported through the use of Endpoint Probes and Passive ID session timeouts?
By default, there are no reliable logoff events generated by endpoints that disconnect from network. This is why we are leveraging direct endpoint probes. If we were able to gather this directly from AD, we would have.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
