Cisco ISE 2.0 AirWatch MDM registration out of ISE

lmediavilla
Level 1

Hello, in the 2.0 and 2.0.1 Cisco ISE release notes we can read this:

Mobile Device Management Enhancements
Cisco ISE 2.0.1 allows endpoints that were enrolled on an active MDM server outside of an ISE network
to connect to an ISE network without needing to re-enroll with the MDM server.
When the endpoint connects to the ISE network, the MDM portal queries the MDM server for the
endpoint. If the server returns the endpoint as compliant, ISE issues a change of authorization and allows
the endpoint on the network. If the endpoint is not enrolled with the MDM server, it will have to go
through the enrollment process.

Basically I can enroll the devices outside the MDM, but when I have a rule to check the compliance (MDM is up of course), compliant devices on the MDM don't match it, and some totally unregistered devices match that rule but doesn't apply the "deny all".
I've tried device registered, device compliance, and both at the same time, and I don't have a good result.

Do I still need to use the redirect authorization policy? Is there any new integration guide for AirWatch and Cisco ISE 2.0?

Regards
