I have been playing with ISE for a few weeks now. I want to get the thoughts of other more experienced ISE users.
I have concluded, it is best to use EAP-TLS with CERTS to differentiate between corporate owned iPads and BYOD iPads. Although ISE does a great job finger printing. A user can log onto his BYOD iPad and enter his AD account and get on the production network. A cert would certainly fix this problem.
But, is there any other fail proof way without a certificate ? What are other folks doing to manage which iPad is which ?
Ive also concluded, I am not able to posture an iPad. I was thinking, since we use Zenprise as our MDM platform I could then use a service posture to see if it was running and if so, then determine by which, it was a corporate owned iPad. However, under the posture services, I only see windows OSs and no Apple love at all.
Any feedback is appreciated ..
p.s. I rate helpful post! LOL