NAC with Mobile Iron (MDM) for Windows Mobile Devices


Currently we have NAC integrated with Mobile Iron API (OneFabric Connect) which is working great for Apple devices.

From my understanding the NAC is currently looking at three groups in Mobile Iron through API which in turn populates the below groups in NAC

- Managed Mobile Devices Personal
- Managed Mobile Devices Business
- Decommissioned

We are having issues with Windows mobile devices as for some reason this it seems don't get populated in the same groups as an Apple device would.

Is there any tweaks we need to do on the API for NAC to see windows devices through Mobile Iron?


4 replies

Hello Kunal, The classification into groups is independent of the OS. As long as the device is registered in MobileIron, it is classified into the corresponding group based on its attributes in MobileIron's DB. Can you check in MobileIron if the windows mobile devices have an ownership attribute like apple devices? Another a bit more cumbersume option is to configure netsight mobileIron's module for a Debug log (https://:8443/fusion_jboss), find a windows mobile device in the log at /usr/local/Extreme_Networks/NetSight/appdata/logs/server.log and check the logged attributes. After this process, restore the log level to its original value to avoid filling the disk with logs.

Yes we can see the ownership attribute similar to Apple Devices.

The only difference I have noticed is a check option on Apple devices which says MDM enabled. We don't see this option on the windows devices.

It seems whatever ownership attribute we change to, the table which NAC points to for mobile Ironed MAC address does not get updated with windows devices.
Userlevel 1
Hello Kunal Waghela,
I'm trying to do similar thing.

Could you share onefabric configuration eg. ws_url parameter ? What version of api and Core you use ?:)

Netsight Version
OneFabric Connect Version: development-2.06-2
ws_url is: https://address/api

address can be either mobileiron DNS address or IP.

You also need to create a user in mobile iron and give API access.