User and Device Compliance
User and Device Compliance
With this content pack you can define and monitor in real-time your compliance criteria across Windows, Mac OS and Mobile devices. A dedicated section enables you to validate the compliance of mobile users.
How to use it
A) Import the content
Import the Pack that contains Finder and Portal content
B) Configure the "device compliance" dashboard
The dashboard displays a set of key device compliance metrics that can be configured to match the corporate policy. The following table summarizes the available metrics and corresponding configuration options.
|Non-standard OS||Running a non-standard OS can result in security vulnerabilities and various issues as IT services are usually tested on a limited set of operating systems||Modify the category (device) OS compliance||✓||✓||✓|
|Non-corporate browser||Running a non-corporate browser can result in security vulnerabilities and various issues as IT services are usually tested on a limited set of browsers||Modify the category (binary) Compliance : Corporate browser||✓||✓|
|Unsupported Adobe Reader||Old versions of Adobe Reader are often subject to security vulnerabilities and can cause documents to be formatted incorrectly||Modify the category (binary) Support policy : Unsupported Adobe Reader||✓||✓|
|Unsupported Java||Old versions of Java are often subject to security vulnerabilities and can result in incompatibilities with corporate tools||Modify the category (binary) Support policy : Unsupported Java||✓|
|Forbidden applications||Certain applications should be forbidden for security, policy or regulatory reasons. Examples include Dropbox, torrent, ...||Modify the category (binary) Compliance : forbidden binaries||✓||✓|
|Without corporate antivirus||Devices without a corporate antivirus represent a security risk||Modify the category (package) Compliance : Corporate AV||✓||✓|
|Antivirus issues||Even if a device has the corporate security solution installed, it is important to verify that this product is working correctly||n/a||✓|
|OS not updated for at least 30 days||Devices not updated in a long time represent a security risk||Modify the metric||✓|
|Not rebooted for at least 30 days||Windows update and security patches often require a device reboot to become effective||Modify the metric||✓|
|Windows license not activated||Non-activated Windows licenses can imply regulatory issues||n/a||✓|
|Policy not fully applied or enforced||Mobile devices allowed to connect but where the security policy is not necessarily completely applied||n/a||✓|
|Policy not enforced||Mobile devices allowed to connect but where the security policy is not enforced||n/a||✓|
|Personal exemption||Mobile devices allowed to connect because of an exemption to a particular user. Depending on the policy, this might indicate an abuse.||n/a||✓|
|No encryption required||If one or more of these policies are not required or applied and the device is lost or stolen, then corporate data might leak||n/a||✓|
|No password required|
|Email attachment enabled|
|No SD card encryption required|
C) Configure the "Mobile user compliance" dashboard
The dashboard displays a set of key device compliance metrics related to mobile users that can be configured to match the corporate policy. The following table summarizes the available metrics and corresponding configuration options.
|Users with more than 2 mobile devices||In general users have one or two mobile devices (for instance a phone and a tablet). If a user has more than two, this might indicate a lost or sold device that still has corporate access. Additionally the more mobile devices a user has, the higher are the associated risks such as obsolete OS, unauthorized access to the device, ...||Modify the metric||✓|
|Users with more than 1 laptop||In general users have at most one laptop. If a user has more than one, this might indicate a lost or sold device that still has corporate access||Modify the metric||✓||✓|
|Local users with administrator privileges||Most users should not be allowed to login with a local user account with administrator privileges||Modify the metric||✓||✓|
The mobile usage section shows the evolution of users with mobile devices in three possible states: allowed, quarantined, blocked. The evolution should be tracked to validated that mobile device adoption matches the corporate policy.
- Mac OS
- Nexthink v6.0 and later