Which of the following lost or stolen device options ar…

Which of the following lost or stolen device options are not available to employees when MDM is integrated with
ISE? (Select 2 choices.)

A. report device as lost or stolen

B. initiate a PIN lock

C. initiate a full or corporate wipe

D. quarantine the device

E. revoke the device’s digital certificate

Explanation:
When Mobile Device Management (MDM) platforms are integrated with Cisco Identity Services Engine (ISE), only ISE administrators can quarantine a device and revoke the device’s digital certificate.

Administrators are also capable of performing wipes and personal identification number (PIN) locks without user notification or intervention. Unlike employees, who initiate full wipes or corporate wipes by using the My Devices portal, an administrator initiates a wipe or a PIN lock by using the ISE Endpoints screen. Whether an administrator can initiate a full wipe or a corporate wipe depends on the MDM server policies and configuration. In a Bring Your Own Device (BYOD) environment, administrators will most likely be able to perform only a corporate wipe or a PIN lock on a device. If the device is a corporate device that an employee is simply allowed to use, an administrator might be able to perform a full wipe from the Endpoints screen by selecting Full Wipe from the MDM Access dropdown menu. Administrators can additionally force connected devices off the network, add devices to the Blacklist Identity Group, and disable the device’s RSA SecurID token.

Employees have the ability to report a device as lost or stolen, initiate a PIN lock, or initiate a full or corporate wipe when MDM platforms are integrated with Cisco ISE. A corporate wipe, which is also known as a selective wipe, removes only corporate data and applications from the device. A full wipe, which is also known as a factory reset, removes all data from the device. An employee is also capable of reinstating a device to gain access without having to reregister the device with ISE. Each of these options is available to the employee by using ISE’s My Devices portal.

ISE is a next-generation Authentication, Authorization, and Accounting (AAA) platform with integrated posture assessment, network access control, and client provisioning. ISE integrates with a number of MDM frameworks, such as MobileIron and AirWatch. From ISE, you can easily provision network devices with native supplicants available for Microsoft Windows, Mac OS X, Apple iOS, and Google Android. The supplicants act as agents that enable you to perform various functions on the network device, such as installing software or locking the screen with a PIN lock.

Cisco: Managing a Lost or Stolen Device (PDF)
Cisco: Managing Network Devices: Wiping or Locking a Device

Category: Secure Access


