https://community.extremenetworks.com/t5/security/does-nac-have-the-capability-to-identify-company-issued-devices/m-p/28088#M100 You can define rules based on 802.1x method = if EAP-TLS and the certificate is from the right CA then access granted as "company owned device". You can also verify the username (from CN) against LDAP for additional distinguishing... Fri, 17 Jun 2016 01:12:00 GMT Zdeněk_Pala 2016-06-17T01:12:00Z https://community.extremenetworks.com/t5/security/does-nac-have-the-capability-to-identify-company-issued-devices/m-p/28087#M99 We are trying to see what our options or for identifying mobile devices by the certificate installed on them. We would be using Intune to push group policy settings and a cert. Currently the NAC is setup with AD connectivity. Can a rule be built to catch devices with a company issued cert and also would we need to use a particular auth method? Could we use a captive portal or would we need to use 802.1X?<BR /> <BR /> Fri, 17 Jun 2016 00:57:00 GMT https://community.extremenetworks.com/t5/security/does-nac-have-the-capability-to-identify-company-issued-devices/m-p/28087#M99 Pierre_Demassey 2016-06-17T00:57:00Z https://community.extremenetworks.com/t5/security/does-nac-have-the-capability-to-identify-company-issued-devices/m-p/28088#M100 You can define rules based on 802.1x method = if EAP-TLS and the certificate is from the right CA then access granted as "company owned device". You can also verify the username (from CN) against LDAP for additional distinguishing... Fri, 17 Jun 2016 01:12:00 GMT https://community.extremenetworks.com/t5/security/does-nac-have-the-capability-to-identify-company-issued-devices/m-p/28088#M100 Zdeněk_Pala 2016-06-17T01:12:00Z