Hi,
One test you could do it rogue containment. First turn rogue containment on.
(config) #ids unauthorized-device-profile default
(IDS Unauthorized Device Profile "default") #rogue-containment
or from web interface:
All Profiles > IDS > IDS Unauthorized Device > default
Tick the Rogue Containment box.
Apply setting and save.
Now plug an unauthorised AP into the corporate network.
You could try testing the unauthorised AP with a random SSID and then with your corporate SSID to see what happens.
Obviously it would be good to do the corporate SSID test out of hours or in a location where corporate clients will not connect to it.