Compliance Check
更新时间:2023-08-16 18:39:22
1. Usage Scenario
Device compliance check assesses the security posture and adherence to compliance requirements of a device before granting it access to network resources. It ensures that devices meet certain security criteria, such as having up-to-date software patches, antivirus protection, and proper security configurations.
By verifying device compliance, organizations can enforce security policies and ensure that only trusted and compliant devices are allowed access to their network. This helps mitigate the risk of compromised or vulnerable devices accessing sensitive data or resources and reduces the overall attack surface.
Device compliance check is an advanced feature that only offered to Premium users. On ESA, we have pre-configured Windows detect items and Mac detect items for your quick configuration and provide customize option for your self-definition.
2. Operation Steps
2.1) Go to Endpoint Security–> Compliance Check, you will see Config Policy(for Windows /Mac detection items) and Custom Detection Policy tabs.
2.2) On dashboard you will see:
| Field Name | Explanation |
|---|---|
| Effect/Total Policies | Active policies and total policies |
| Compliant Devices | Number of devices that have been checked and passed the detection items |
| Non-compliant Devices | Number of devices that have been checked but failed to pass the detection items |
| Undetected Devices | Number of devices that haven't been checked yet |
2.3) Click New to add new policies for Windows detection and Mac detection.
2.4) On the policy list you will see:
| Field Name | Explanation |
|---|---|
| Default Policy | ESA has pre-configured a default policy with the most frequently used items enabled. We suggest to enable this policy so that the users who are not assigned to a customized policy can be checked with default policy. Default policy cannot be deleted |
| Policy Name | The name of the policy |
| Description | The description of the policy for better understanding |
| Apply to User | The number of the users that have been assigned to the policy. Click on the user number, you can enter a page to add, delete and edit the users to the policy |
| Status | Indicates whether the device is activated or not |
| Operation | Operations supported: Management: enter the policy details to edit the basic information or detect items Enable: activate the policy. After been enabled, assigned users' device will be checked when they login to ESA client or during usage. Disable: deactivate the policy. After been disabled, assigned users' device will not be checked. Delete: delete the policy .After been deleted, the previous assigned users' device will not be checked and the policy configuration will be moved from platform. |