  • 1.  How to Automatically Delete MAC Auth Expired Devices

    Posted Feb 16, 2026 07:01 PM

    Hi all,

    We have several guest users in Active Directory who connect to the network via a captive portal. After authenticating through the captive portal, they then connect using MAC authentication.

    Each guest user has a device limit of up to five devices. However, due to MAC address randomization, when the MAC authentication expires and the user reconnects, the device often appears with a different MAC address. This causes the device count to increase rapidly and the user quickly reaches the device limit.

    We are also using the Intune extension for a different service to import staff devices from Intune into the endpoint repository. Because of this integration, we cannot use the built-in cleanup tool to delete known endpoints after a certain number of days of inactivity, as staff devices must remain in the endpoint repository to allow them to connect.

    Given this limitation, is there a way to automatically remove or clean up MAC-expired devices associated with captive portal users, perhaps via an enforcement profile or a similar mechanism, without impacting staff devices?

    Any guidance or suggestions would be appreciated.


    -------------------------------------------


  • 2.  RE: How to Automatically Delete MAC Auth Expired Devices

    Posted Feb 17, 2026 03:53 AM

    Customize the WLAN Guest MAC Auth Service. Do not mark the endpoints as "Known" and use the authentication method [Allow All MAC AUTH]. Then adjust the cleanup intervals. Use different intervals for known and unknown endpoints.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: How to Automatically Delete MAC Auth Expired Devices

    Posted Feb 18, 2026 02:55 PM

    Also transition from a maximum number of unique devices/endpoints to a number of concurrent sessions allowed, which is what people usually care more about anyways.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------