What options do I have for verifying that a Mac is a company-owned/managed asset? I'm configuring DAP policies on my ASA for SSLVPN, and I'm able to identify a incoming windows PC via a Registry Key that shows domain membership.
I don't think the same option exists for Mac (or Linux) computers since they don't support CSD host scans. I thought about digital certificates, and that might be my only option, but I have multiple ASA's so I can't use the internal Local CA on the ASA (and it can't be an RA, so I'd have to host the CA somewhere else (probably on an old 2600 running IOS CA).
So, any thoughts on how to restrict VPN access to just company-managed machines?