We worked with Mike and demontrated how you can key off a value such as device type, serial number, etc which are also stored in the system to get the desired effect. We will then update the endpoint table (MAC address) as known after the AAA sessions commence. We do fully support iOS 5.x, due to the quirks in apples API we just use a different value than MAC address to key off for authorization. Note that this same mechanism can be used for all types of devices, not just iOS 5.x
We are now working with Mike on using an external asset register (or a direct import to CPPM of known devices) to differentiate between corporate owned devices and BYOD. We will keep the community posted and share back any details, likely to use serial number as the trigger point.
Happy Onboarding!
Carlos