cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

NAC with Mobile Iron (MDM) for Windows Mobile Devices

NAC with Mobile Iron (MDM) for Windows Mobile Devices

Kunal_Waghela
New Contributor
Hi,

Currently we have NAC integrated with Mobile Iron API (OneFabric Connect) which is working great for Apple devices.

From my understanding the NAC is currently looking at three groups in Mobile Iron through API which in turn populates the below groups in NAC

- Managed Mobile Devices Personal
- Managed Mobile Devices Business
- Decommissioned

We are having issues with Windows mobile devices as for some reason this it seems don't get populated in the same groups as an Apple device would.

Is there any tweaks we need to do on the API for NAC to see windows devices through Mobile Iron?

Thanks

4 REPLIES 4

Kunal_Waghela
New Contributor
Hi,

Netsight Version 6.3.0.162
OneFabric Connect Version: development-2.06-2
ws_url is: https://address/api

address can be either mobileiron DNS address or IP.

You also need to create a user in mobile iron and give API access.

Thanks

Tomasz_Lubas
New Contributor III
Hello Kunal Waghela,
I'm trying to do similar thing.

Could you share onefabric configuration eg. ws_url parameter ? What version of api and Core you use ?:)

Kunal_Waghela
New Contributor
Hi,

Yes we can see the ownership attribute similar to Apple Devices.

The only difference I have noticed is a check option on Apple devices which says MDM enabled. We don't see this option on the windows devices.

It seems whatever ownership attribute we change to, the table which NAC points to for mobile Ironed MAC address does not get updated with windows devices.

Ferrer__Salvado
New Contributor
Hello Kunal, The classification into groups is independent of the OS. As long as the device is registered in MobileIron, it is classified into the corresponding group based on its attributes in MobileIron's DB. Can you check in MobileIron if the windows mobile devices have an ownership attribute like apple devices? Another a bit more cumbersume option is to configure netsight mobileIron's module for a Debug log (https://:8443/fusion_jboss), find a windows mobile device in the log at /usr/local/Extreme_Networks/NetSight/appdata/logs/server.log and check the logged attributes. After this process, restore the log level to its original value to avoid filling the disk with logs.
GTM-P2G8KFN