I am trying to set up a policy that will check if you have a company issued machine cert on your client. I do not want the policy to deny access if you don't have a company issued machine cert. When I enable the policy and only set it to evaluate When testing I get prompted to install the missing certificate. I do not want non-company assets to get this option. Can anyone point me in the right direction for this?
Evaluate: Check the posture, record result, and inform user of the reason for failure (if there are any required policies listed); but access is granted. Evaluation must happen on the realm.
Enforce: check the posture, record the result, and deny access if the user fails; a message will be presented with why they failed (if reason strings are enabled) for the reason of failure. Enforcement can be on the realm or the role.
How many realms are you using (2 would be best to reduce the likelihood of users getting a message for needing to install the certificate).