Blocking MAB authentication for rogue devices in FortiNAC
Hello community,
Is there a way to block MAB for rogue devices in FortiNAC?
The issue I'm facing is with a Cisco switch that has the following configuration on the ports:
interface GigabitEthernet1/0/9
 switchport access vlan 31
 switchport mode access
 switchport voice vlan 18
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 180
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout quiet-period 10
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 spanning-tree portfast
This port is intended to work with MAB for a phone and with 802.1X for a PC. However, when a PC without a supplicant and certificate is connected behind the phone, the switch sends its MAC to FortiNAC, I see "Login OK" for the MAC address, and therefore the device receives the default VLAN (in this case VLAN 31, which is the access VLAN). What I'm looking for is that only the phone (which is registered in the FortiNAC DB) gets authenticated via MAB, but not the PC, which is a rogue device.
On other ports of the switch where there is no MAB, only dot1x, the PC doesn't authenticate, but when it is connected behind the phone, it does.
Thanks for your suggestions
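One way to inventory where this behaviour can occur, as an added example that is not part of the original post or of any FortiNAC or Cisco tooling: a small Python audit that parses the `interface` stanzas of a Cisco IOS running-config and reports, per port, whether a device that never speaks EAPOL can reach the RADIUS server via MAB. The sample config is constructed to mirror the port above plus a dot1x-only port; the parser assumes the classic `authentication order` / `authentication host-mode` syntax shown in the post (IBNS 2.0 policy-maps are not handled). The switch side only shows where MAB is reachable; whether an unknown MAC gets an Access-Accept is decided by the RADIUS server, here FortiNAC.

```python
"""Audit Cisco IOS interface stanzas for MAB reachability by supplicant-less devices.

Added example, not from the original post. Assumes classic IOS
`authentication order/host-mode` syntax; IBNS 2.0 policy-maps are not parsed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the port from the post plus a dot1x-only port for contrast.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/9
 switchport access vlan 31
 switchport mode access
 switchport voice vlan 18
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer reauthenticate 180
 mab
 dot1x pae authenticator
!
interface GigabitEthernet1/0/10
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
"""


@dataclass
class PortAuth:
    name: str
    host_mode: str = "single-host"  # IOS default when the command is absent
    order: List[str] = field(default_factory=lambda: ["dot1x", "mab"])  # IOS default
    mab: bool = False
    dot1x: bool = False
    reauth_secs: Optional[int] = None


def parse_interfaces(config: str) -> List[PortAuth]:
    """Walk the config; indented lines belong to the most recent `interface` stanza."""
    ports: List[PortAuth] = []
    current: Optional[PortAuth] = None
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # Top-level line: either a new interface stanza or the end of the previous one.
            m = re.match(r"interface (\S+)$", raw.strip())
            current = PortAuth(name=m.group(1)) if m else None
            if current is not None:
                ports.append(current)
            continue
        if current is None:
            continue
        line = raw.strip()
        if line == "mab":
            current.mab = True
        elif line == "dot1x pae authenticator":
            current.dot1x = True
        elif line.startswith("authentication host-mode "):
            current.host_mode = line.split()[2]
        elif line.startswith("authentication order "):
            current.order = line.split()[2:]
        elif line.startswith("authentication timer reauthenticate "):
            current.reauth_secs = int(line.split()[3])
    return ports


def audit(port: PortAuth) -> List[str]:
    """Explain how a device that never sends EAPOL would be handled on this port."""
    findings: List[str] = []
    if not port.mab:
        return findings  # no MAB: a silent device never reaches RADIUS
    if port.order[0] == "mab" or not port.dot1x:
        findings.append("MAB is attempted as soon as the MAC is learned, before 802.1X times out")
    else:
        findings.append("MAB is the fallback once 802.1X times out for a silent device")
    if port.host_mode == "multi-domain":
        findings.append("multi-domain: the data device behind the phone is also MAB-eligible")
    return findings


def audit_config(config: str) -> dict:
    """Map each interface name to its findings."""
    return {p.name: audit(p) for p in parse_interfaces(config)}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or ["no MAB path for supplicant-less devices"])
```

Run it against an exported running-config to list every port where a rogue PC behind a phone would be evaluated by MAB; the ports flagged as multi-domain with MAB ordered first are the ones matching the situation described in the post.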

