I have enabled 'Assign group policies by device type' to block mobile BYOD devices (iphone/android), so that they can't join when someone uses their AD credentials (they love to try).
This works well for the most part. However, every now and then, maybe a few times a week, an Apple Macbook Pro will be falsely detected as an iPhone, and the laptop with then automatically be placed into the BLOCKED mode and I have to change it to NORMAL so they can connect. I only know this happens because I happen to check, or if they complain to service desk.
Until I migrate to EAP-TLS which will allow me to remove this group policy feature, I'm forced to do this. I was wondering if anyone know's of a way to get some sort of alert if a client becomes blocked (regardless if its auto or manual).
With the introduction of webhooks I thought maybe that might help, but I don't think it will. Looking at API the only option I see is 'Return the group policy that is assigned to a device in the network' but this requires I input the clients mac address, so this isn't helpful.
As far as the API goes you can retrieve the clients connected to a device, which returns the MAC, you can then use those MACs to return the group policy. So if you are good with the API (it sounds like you are) you can have that all in one script.
I'm not sure of good way to send notifications to you though.
@NolanHerring this happens sometimes with the Dashboard incorrectly identifying a device type. What if you used tags instead of device type?
This isn't what you are looking for, but what if you had it apply a group policy to move them to another "guest" VLAN that has internet access, but not access to company resources? That would at least allow legitimate users to do basic work, like email, log into SaaS applications, etc.
Sorry, I misread your question. I've had a good look through the alerts section and I cannot find anything that will work. For now I would just keep doing what your doing and submit a wish.
If someone plugs their iPhone via USB into their notebook you may also find that the notebook gets falsely detected as an iPhone, as the iPhone will use Ethernet over USB and communication via that method.