You have a couple of options:
- If you are planning to just onboard BYOD (non-corporate devices) then you need to know what devices are considered corporate (using an MDM solution allows you to identify what's consider non-corporate vs corporate and makes things easier for you since there's no manual process )
- If you only have Windows domain devices as your corporate devices those are easy to identify because those perform machine authentication and you can use that in your enforcement policy to prevent those devices to get onboarded .
- If you have other non-domain devices as corporate devices and you don't have an MDM solution then you need to collect the mac addresses and use that as an authorization mechanism to bypass the onboarding process
The mac addresses can be imported to ClearPass Guest Device Repository or the Static Host List