Captive Portal is a network authentication method that forces the users to go to an authentication page in order to connect to the Internet, setting up in consequence, a timeout. It means that after a certain time, the user will be alerted and required to revalidate their login on the authentication webpage to keep connected to the Internet.
The validation will expire when the devices are not being used and, consequently, no MDM commands or push notifications will be applied to those devices.
That's why our suggestion is whenever possible, do not use Captive Portal for the network in your organization. Instead, use any other methods of validation, such as a password, Mac Address, and/or installed management profile.
If you have no other options, our recommendation is to keep the Captive Portal only for the public networks, as the visitors or guest network.