Which of the following is not an attribute on which an ISE MDM policy can be based? (Select the best answer.)
- the encryption status of the disk.
- the jailbreak status of the operating system
- the revision of the operating system
- the status of the PIN lock configuration
- the status of the Bluetooth interface
The status of the Bluetooth interface is not an attribute on which a Cisco Identity Services Engine (ISE).
Mobile Device Management (MDM) policy can be based. ISE is a nextgeneration Authentication,
Authorization, and Accounting (AAA) platform with integrated posture assessment, network access control, and client provisioning. ISE integrates with a number of MDM frameworks, such as MobileIron and AirWatch. MDM policies can be based on the following attributes:
From ISE, you can easily provision network devices with native supplicants available for Microsoft Windows, Mac OS X, Apple IOS, and Google Android. The supplicants act as agents that enable you to perform various functions on the network device, such as installing software or locking the screen with a personal identification number (PIN) lock.
For devices like phones, ISE relies on MDM servers to carry out the specific administrative actions selected in ISE. For example, when a selective wipe is selected for a device in ISE, a request is made to the appropriate MDM server to carry out the action. The MDM server communicates with its corresponding agent on the phone and removes all corporate applications and installed profiles, including any subprofiles. The selective wipe also removes the MDM agent, which is typically an installed application. Through an MDM server, ISE can perform a full wipe, a selective wipe, or a PIN lock depending on the severity of the security risk of the lost phone.