Hi @howon ,
Thanks for the feedback. Unfortunately, I cannot provide screenshot as per our policy.
But the phrase below is the one I noticed.
"ISE has not confirmed locally previous successful machine authentication for user in Active Directory"
The setup of my authorization policy is when the machine passed it will go to a QVLAN then when user is pass AND WasMachineAuthenticated = True then assign the user VLAN.
Based on my understanding in the log, ISE can't confirm if machine auth is successful hence it goes to my default deny profile.
How to resolve this issue?