Compliance Check

最終更新日:2023-08-16 18:39:22

1. Usage Scenario

Device compliance check assesses the security posture and adherence to compliance requirements of a device before granting it access to network resources. It ensures that devices meet certain security criteria, such as having up-to-date software patches, antivirus protection, and proper security configurations.

By verifying device compliance, organizations can enforce security policies and ensure that only trusted and compliant devices are allowed access to their network. This helps mitigate the risk of compromised or vulnerable devices accessing sensitive data or resources and reduces the overall attack surface.

Device compliance check is an advanced feature that only offered to Premium users. On ESA, we have pre-configured Windows detect items and Mac detect items for your quick configuration and provide customize option for your self-definition.

2. Operation Steps

2.1) Go to Endpoint Security–> Compliance Check, you will see Config Policy(for Windows /Mac detection items) and Custom Detection Policy tabs.
China Premium Service控制台自助配置功能上线

2.2) On dashboard you will see:

Field Name Explanation
Effect/Total Policies Active policies and total policies
Compliant Devices Number of devices that have been checked and passed the detection items
Non-compliant Devices Number of devices that have been checked but failed to pass the detection items
Undetected Devices Number of devices that haven't been checked yet

2.3) Click New to add new policies for Windows detection and Mac detection.

2.4) On the policy list you will see:

Field Name Explanation
Default Policy ESA has pre-configured a default policy with the most frequently used items enabled. We suggest to enable this policy so that the users who are not assigned to a customized policy can be checked with default policy. Default policy cannot be deleted
Policy Name The name of the policy
Description The description of the policy for better understanding
Apply to User The number of the users that have been assigned to the policy. Click on the user number, you can enter a page to add, delete and edit the users to the policy 
Status Indicates whether the device is activated or not 
Operation 
Operations supported: 
Management: enter the policy details to edit the basic information or detect items
Enable: activate the policy. After been enabled, assigned users' device will be checked when they login to ESA client or during usage. 
Disable: deactivate the policy. After been disabled, assigned users' device will not be checked.
Delete: delete the policy .After been deleted, the previous assigned users' device will not be checked and the policy configuration will be moved from platform.