Cisco Meraki’s Enterprise Mobility Management (EMM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. A typical Cisco Meraki EMM configuration consists of a cloud-based policy server and a mobile device client. However, often times the network is the only entity that can provide granular access to endpoints (based on ACLs, TrustSec SGTs etc.). It is envisaged that Cisco Identity Services Engine (ISE) would be an additional network based enforcement point while the cloud- based Cisco Meraki EMM policy server would serve as the policy decision point. ISE expects specific data from Cisco Meraki cloud EMM servers to provide a complete solution.
The following are the high level use cases in this solution.
Device registration - Non registered endpoints accessing the network on-premises will be redirected to registration page on Cisco Meraki EMM cloud for registration based on user role, device type, etc. In addition Meraki can also provision the device with corporate application e.g. AnyConnect (VPN), Jabber (Collaboration) etc .. so the user has secure access to corporate resources (per policy) when device is off-premises.
Remediation - Non compliant endpoints will be given restricted access based on compliance state Periodic compliance check– Periodically check with Cisco Meraki EMM cloud server for compliance
Ability for ISE administrators to issue remote actions on the device through the Cisco Meraki EMM cloud (e.g.: remote wiping of the managed device)
Ability for end users to leverage the ISE My Devices Portal to manage personal devices, e.g. Full Wipe, Corporate Wipe and PIN Lock.
Hi team.Please forgive me if this is not the correct list I should be sending this message to.
One of our strategic customers in Brazil is very interested in doing downlink MACSec towards the endpoint (switch-to-user)
The challenge is that they are a str...
I am trying to get AMP for ESA set up on our IronPort C170 appliance running ASyncOS 11.0.3. I believe I have my settings correct, however, files that have a verdict of unknown are not being uploaded for analysis. Perhaps I'm missing something? I have mad...
I am running an ISE POC using only the ISE Context Visibility Wizard and this works fine. We are using all parts of the wizard including the psexec function to look at applications running on windows machines via Anyconnect in the backg...
After reading though and implementing many of other configuration suggestions from community page posts related to the same issue as well as from config guides and other related pages, I am still having an issue with pinging from my Catalyst 9200 switch t...