• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Cisco ISE 3.0: Here’s What the New Release Can Do

Cisco released its third version of Identity Services Engine (ISE) back in September. If you are not familiar with Cisco ISE, it is an industry leading Network Access Control (NAC) system that provides security policy management and access to your network infrastructure. Cisco ISE enables you to gather real-time contextual information from the users and devices that connect to your network. Having this information allows you to create granular proactive policies regarding how and when users and devices connect to your network and what parts of the network they have access to. In other words, it gives network administrators visibility of who, what, where, when and how users and devices connect to the network and allows them to create network access policies based on those attributes.

Feature changes or updates with Cisco ISE 3.0 

There are too many updates to list, but here are few to highlight in detail and few more to just call out:

The ISE dashboard has gotten a makeover

  • It looks similar to Cisco’s Digital Network Architecture Center (DNAC) dashboard
  • A new search bar has been added to look up features
  • Most features have moved to the hamburger menu
  • The help menu has moved. You can type in a feature and it will provide all related documentation
  • There is a new Make a Wish feature button which enables you to make requests to add new features

The licensing structure for ISE 3.0 is changing from ISE 2.0

  • ISE 2.0 used Base, Plus and Apex licenses. 3.0 is transiting to Essentials, Advantage and Premier license
  • ISE 3.0 is 100% term based licensing. The bottom tier license, Essentials, is NOT perpetual
  • There are some changes when it comes supported features per license tier.  So when migrating from 2.0 to 3.0, you need to make sure you have comparative features
  • ISE 2.0 used a consumption model where licenses were consumed in a Lego model. This meant as you consumed a feature, you consumed the licenses tied to that feature. For example, if a user used AAA to authenticate, it consumed a Base license. If that user used Profiling as well, it would also consume a Plus license. With 3.0, licenses are consumed by each licensing tier. So if you use Profiling and AAA features, you will consume only one Advantage license
  • TACACS+ (Network Device Administration) licenses do not require 100 Base licenses in 3.0
  • There is a migration process to migrate existing 2.0 licenses to 3.0 licenses

Note: Some of these licensing changes can be a little confusing. Please reach out if you need a deeper understanding of the licenses.

ISE nodes supported with 3.0

  • You can still use Cisco SNS appliances, but be aware SNS 3515 & 3595 are end of life
  • Virtual appliances are supported on VMware, KVM and Hyper-V
  • You can also support a cloud deployment platform using VMware Cloud in AWS. Other clouds will be supported in the near future.

Agentless Posturing is now supported on Windows & macOS

  • You can enforce endpoint compliance without an agent on the endpoint
    • There are caveats with this – you need admin credentials and there is no support for remediation, grade periods, and re-assessments
    • It is still recommended to use an agent, like AnyConnect, to perform posturing on a device. There is not full feature comparison between agent and agentless deployments.

Here are a few other new features I wanted to bring to your attention:

  • 802.1X with Azure AD using OAuth-ROPC (Resource Owner Password Credentials)
  • Cisco’s new ISE API Gateway provides a new single point to interface and manage API calls
  • Certificate Fingerprinting using SHA256 to evaluate certificates. This allows you to use multiple trusted certificates.
  • Health Checks – run an on-demand health check to diagnose all the nodes in your deployment, helping you to identify critical issues and avoid downtime
  • Interactive Help that provides tips and step-by-step guidance to complete tasks
  • pxGrid has a new interface
  • SAML SSO for Multi-Factor Authentication

I hope you found some of these new features beneficial. Before upgrading to ISE 3.0, make sure you convert your existing licenses to the new 3.0 licenses. If you need a hand or would like to learn more, reach out to myself and the Arraya team today.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}