Home
Support
Product Support
Security
Cisco Identity Services Engine
Configuration Guides

Integrate MDM and UEM Servers with Cisco ISE

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Integrate UEM and MDM Servers with Cisco ISE

Unified endpoint management in Cisco ISE
MAC address for VPN-connected endpoints

Integrate Cisco Meraki Systems Manager

Cisco Meraki Systems Manager
Set up Cisco Meraki Systems Manager as an MDM or UEM server

Integrate Microsoft Endpoint Manager Intune

Microsoft Intune and Cisco ISE
Configure Microsoft Endpoint Manager Intune
Manage VPN-connected mobile devices with Microsoft Intune
Connect Microsoft Intune to Cisco ISE as a mobile device management server

Integrate Ivanti (previously MobileIron) UEM

Ivanti (previously MobileIron) UEM servers
Set up MobileIron Cloud UEM servers
Set up MobileIron Core UEM servers

MAC address for VPN-connected endpoints

Updated: February 6, 2026

Want to summarize with AI?

Overview

This section explains that VPN-connected endpoints share either their MAC address or UDID with Cisco ISE. Cisco ISE uses MAC addresses to manage endpoint data.

Cisco ISE uses endpoint MAC addresses to save and manage data, display context visibility information, and enable authorization workflows.

For VPN-connected endpoints, the VPN headend receives an endpoint’s MAC address, Unique Device Identifier (UDID), or both from the Cisco Secure Client (formerly known as Cisco AnyConnect). It then sends the information to Cisco ISE over RADIUS communication.

When you integrate Cisco ISE with an MDM server, Cisco ISE uses either the endpoint's MAC address or the UDID to query the MDM server for the endpoint’s registration, compliance status, and other MDM attributes.

When Cisco ISE queries an MDM server with endpoint's UDID, the MDM server usually responds with the endpoint's MAC address. Receiving an endpoint's MAC address from either the Cisco Secure Client or the MDM server is critical for Cisco ISE. Cisco ISE uses the MAC address to save and manage the endpoint data in its databases.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.