Implementing wireless solution on ISE 2.3. Let me provide some details before I ask the question.
Want to authenticate windows machines using EAP-TLS via unique certificate. For all Apple iOS devices, want to authenticate via AirWatch. There will be two SSIDs - WiFiWindows and WiFiApple
For Windows
1. A corporate device connects to WiFiWindows and presents certificate
2. ISE validates certificates and provides corporate access
for Apple
1. An iOS device connects to WiFiApple
2. ISE makes an API call to MDM (AirWatch) and checks device's registration status
3. If device is registered, corporate certificates is installed on devices to get full corporate access
question
How to prevent Apple iOS devices to join WiFiWindows? In other words, windows and apple have same corporate certificate, but when Apple device joins WiFiWindows, access should be denied.
