Which statement about MDM with the Cisco ISE is true?
A. The MDM’s server certificate must be imported into the Cisco ISE Certificate Store before the MDM and ISE can establish a connection
B. MDM servers can generate custom ACLs for the Cisco ISE to apply to networks devices
C. The Cisco ISE supports limited built-in MDM functionality
D. The Cisco ISE supports a built-in list of MDM dictionary attributes it can use in authorization policies
E. When a mobile endpoint becomes compliant, the Cisco ISE records the updated device status in its internal database
F. If mobile endpoint fails posture compliance, both the user and the administrator are notified immediately
I believe to be the answer “A”
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01000.html#ID584
Import MDM Server Certificate into Cisco ISE
For Cisco ISE to connect with the MDM server, you must import the MDM server certificate into the Cisco ISE Certificate Store. If your MDM server has a CA-signed certificate, you must import the root CA into the Cisco ISE Certificate Store.
Exactly my friend.
Set Up MDM Servers with Cisco ISE
To set up MDM servers with Cisco ISE, you must perform the following high-level tasks:
Procedure
Step 1
Import MDM server certificate into Cisco ISE.
Step 2
Create mobile device manager definitions.
Step 3
Configure ACLs on the Wireless LAN Controllers.
Step 4
Configure an authorization profile that redirects non-registered devices to the MDM server.
Step 5
If there is more than one MDM server on the network, configure separate authorization profiles for each vendor.
Step 6
Configure authorization policy rules for the MDM use cases.