The 'Secure Endpoint Best Practices Guide' does not have a single mention about the host firewall. What would be the starting point when implementing this? Or what actually would be the best practices?

I think that might depend on the kind of wireless infrastructure you have. Do you use Meraki APs or Cisco APs?

Any reason why you have the same network access on pending and compliant? Do you pre-deploy CSC/Anyconnect or do you use the provisioning portal? If the endpoint is in a pending state, wouldn’t you want to only allow access to ISE for client provisio...

@Marcelo Morais In what circumstance would the compliance state change from compliant to unknown if the same session ID is still being used?

Hello @Marcelo Morais I am still a bit confused on this. Here are my current settings:TEAP with EAP-TLS, we have separate authorization policies for machine (no posturing) and user authentication (yes posturing)Default compliant state is set to Non-C...