Wireless Access

With Client Tags you can do some AuthZ based on behavior and device information. Currently, Client Insight (CI) doesn't support integration with external authorization sources. 

One of the conditions in the Tags is the Host Name. If the hostname contains a domein name this can maybe used. There is currently no build in option to restrict non-corp devices to join the network.

One other option you can look into is the restriction of the device enrollment via the Onboard workflow.  During onboarding the user needs to login via an IdP. Maybe the Onboard application login can be restricted to corp only devices in Entra (or other IdP)?

Hi Willem,

saying that the host name could be used to filter allong the domain name, is there a way to use a "contains" condition for the hostname value?
There is no documentation (or I did not found it yet) about how to use the value field to filter for beginning phrases, like with wildcards or regex.
Use case: There are very bad generic IoT devices out there, like payment handhelds, using cheap wifi cards and the MAC OUI of the chipset.
They use often chipsets from manufacturers which are seen across multiple device types (eg. scanners, printers, pos systems), but they can often be devided by their hostnames.
Eg.: All POS systems got names like VFI-12345.
If we could use the hostname field to filter allong "contains VFI" we could devide this devices easyly...

With Client Tags you can do some AuthZ based on behavior and device information. Currently, Client Insight (CI) doesn't support integration with external authorization sources. 

One of the conditions in the Tags is the Host Name. If the hostname contains a domein name this can maybe used. There is currently no build in option to restrict non-corp devices to join the network.

One other option you can look into is the restriction of the device enrollment via the Onboard workflow.  During onboarding the user needs to login via an IdP. Maybe the Onboard application login can be restricted to corp only devices in Entra (or other IdP)?

We're facing this exact same situation, except for iOS devices managed by Intune. The documentation on client tags and conditions is virtually non-existent. If I could find a way to tag a client device based on its Intune enrollment status, we'd be golden.

I've seen a demo on New Central where an integration with Intune does exactly that; so that may become available in the future. You could check with your local HPE Aruba team if I've seen/understood this correctly.

We're facing this exact same situation, except for iOS devices managed by Intune. The documentation on client tags and conditions is virtually non-existent. If I could find a way to tag a client device based on its Intune enrollment status, we'd be golden.

Currently this is available with Central - Clearpass integration.

Best, Gorazd 

I've seen a demo on New Central where an integration with Intune does exactly that; so that may become available in the future. You could check with your local HPE Aruba team if I've seen/understood this correctly.

We're facing this exact same situation, except for iOS devices managed by Intune. The documentation on client tags and conditions is virtually non-existent. If I could find a way to tag a client device based on its Intune enrollment status, we'd be golden.

Hi,
yea ... it is like it is.
I'm looking forward to get contains, bgins with and so on, on centrals side also...
Some customers find it easier to use insight tags at role mapping, to only build custom fingerprint rules on central side.
At the moment, "fingerprint management" is some kind of splitted in two products...

Currently this is available with Central - Clearpass integration.

Best, Gorazd 

I've seen a demo on New Central where an integration with Intune does exactly that; so that may become available in the future. You could check with your local HPE Aruba team if I've seen/understood this correctly.

We're facing this exact same situation, except for iOS devices managed by Intune. The documentation on client tags and conditions is virtually non-existent. If I could find a way to tag a client device based on its Intune enrollment status, we'd be golden.