Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

MDM in BYOD setup

Hi all ,

we are going to configure BYOD for wireless  in our lab. We are having the components of WLC ,ISE ,AP ,switch , router . Our requirements are

1) corporate laptop security check(some firewall updates are uptodate like that) through NAC agent with ISE.

2)   Guest laptops with normal guest internet without any cheking

3)corporate mobile devices andriod , blackberry , apple phones allowed to access BYOD WLAN . but andriod  devices are not allowed.

We are not sure about how we can integrate MDM in ISE . role of MDM ? . How to configure MDM for the last requirement we given.

Any freeware MDM supported by ISE.

Thanks ,




MDM in BYOD setup

Case Solution:

MDM Integration Process Flow

This section describes the MDM  integration process:

1. user associates a device to  SSID.

2. If the device is not  registered, the user goes through the device on-boarding flow.

3. ISE makes an API call to the  MDM server.

4. API call returns a list of  devices for this user and the posture status for the devices.

5. the user's device is not in this  list, it means the device is not registered. Cisco ISE sends an  authorization request to the NAD to redirect to Cisco ISE. The user is  presented the MDM server page.

6. ISE uses MDM to provision the  device and presents an appropriate page for the user to register the  device.

7. user registers the device in  the MDM server, and the MDM server redirects the request to Cisco ISE  (through automatic redirection or manual browser refresh).

8. ISE queries the MDM server  again for the posture status.

9. the user's device is not  compliant to the posture (compliance) policies configured on the MDM  server, the user is notified that the device is out of compliance and  must be compliant.

10. the user's device becomes  compliant, the MDM server updates the device state in its internal  tables.

11. the user refreshes the browser  now, the control is transferred back to Cisco ISE.

12. ISE polls the MDM server once  every four hours to get compliance information and issues Change of  Authorization (CoA) appropriately.

Setting Up MDM Servers with Cisco  ISE

To set up MDM servers with Cisco  ISE, you must perform the following tasks:

3. ACLs on the  Wireless LAN Controllers.

For complete  configuration, please check the below link.

New Member

Re: MDM in BYOD setup

Thanks a lot aqeel for the detailed steps......   But can you plase tell me any MDM server that I can use for trial period?




Cisco Employee

MDM in BYOD setup

MDM and BYOD are the new feature supported on ISE 1.2.

Please find the link to integrate MDM to ISE:-