Security

So how do you guys do it? Best way to diferentiate between Corporate and Personal Smart Phones using Clearpass with Active Directory?

 

aaannndddd..... GO!!!

Are you using an MDM for either classification of devices?

Hiya Cappi! Negative, the client does not have an MDM as there are approximately 80 or so Android phones.

 

So was wondering about other alternatives, possibly with AD/LDAP  queries?

If you're not using an MDM, you'd have to leverage SHLs or Guest Device
Repository with MAC address to identify them. Just keep in mind, MAC address
can be spoofed, so you'll want to use the profile conflict detection
mechanisms with this.



One other alternative is to issue certificates to the corporate devices via
Onboard or an external CA.

SHLs?

 

 

Static host lists in ClearPass or a list of corporate mac addresses.

There are waaaaaaay too many acronyms in our line of work :-)

 

But yeah, I think that is the direction we are going to go. Thanks for the assistance gang!