User and Device Compliance

Contents

User and Device Compliance

Description

With this content pack you can define and monitor in real-time your compliance criteria across Windows, Mac OS and Mobile devices. A dedicated section enables you to validate the compliance of mobile users.

How to use it

A) Import the content

Import the Pack that contains Finder and Portal content

B) Configure the "device compliance" dashboard

The dashboard displays a set of key device compliance metrics that can be configured to match the corporate policy. The following table summarizes the available metrics and corresponding configuration options.

Metric Description Configuration Windows black.png Mac black.png Mobile black.png
Non-standard OS Running a non-standard OS can result in security vulnerabilities and various issues as IT services are usually tested on a limited set of operating systems Modify the category (device) OS compliance
Non-corporate browser Running a non-corporate browser can result in security vulnerabilities and various issues as IT services are usually tested on a limited set of browsers Modify the category (binary) Compliance : Corporate browser
Unsupported Adobe Reader Old versions of Adobe Reader are often subject to security vulnerabilities and can cause documents to be formatted incorrectly Modify the category (binary) Support policy : Unsupported Adobe Reader
Unsupported Java Old versions of Java are often subject to security vulnerabilities and can result in incompatibilities with corporate tools Modify the category (binary) Support policy : Unsupported Java
Forbidden applications Certain applications should be forbidden for security, policy or regulatory reasons. Examples include Dropbox, torrent, ... Modify the category (binary) Compliance : forbidden binaries
Without corporate antivirus Devices without a corporate antivirus represent a security risk Modify the category (package) Compliance : Corporate AV
Antivirus issues Even if a device has the corporate security solution installed, it is important to verify that this product is working correctly n/a
Antispyware issues
Firewall issues
OS not updated for at least 30 days Devices not updated in a long time represent a security risk Modify the metric
Not rebooted for at least 30 days Windows update and security patches often require a device reboot to become effective Modify the metric
Windows license not activated Non-activated Windows licenses can imply regulatory issues n/a
Policy not fully applied or enforced Mobile devices allowed to connect but where the security policy is not necessarily completely applied n/a
Policy not enforced Mobile devices allowed to connect but where the security policy is not enforced n/a
Personal exemption Mobile devices allowed to connect because of an exemption to a particular user. Depending on the policy, this might indicate an abuse. n/a
No encryption required If one or more of these policies are not required or applied and the device is lost or stolen, then corporate data might leak n/a
No password required
Email attachment enabled
No SD card encryption required

C) Configure the "Mobile user compliance" dashboard

The dashboard displays a set of key device compliance metrics related to mobile users that can be configured to match the corporate policy. The following table summarizes the available metrics and corresponding configuration options.

Metric Description Configuration Windows black.png Mac black.png Mobile black.png
Users with more than 2 mobile devices In general users have one or two mobile devices (for instance a phone and a tablet). If a user has more than two, this might indicate a lost or sold device that still has corporate access. Additionally the more mobile devices a user has, the higher are the associated risks such as obsolete OS, unauthorized access to the device, ... Modify the metric
Users with more than 1 laptop In general users have at most one laptop. If a user has more than one, this might indicate a lost or sold device that still has corporate access Modify the metric
Local users with administrator privileges Most users should not be allowed to login with a local user account with administrator privileges Modify the metric

The mobile usage section shows the evolution of users with mobile devices in three possible states: allowed, quarantined, blocked. The evolution should be tracked to validated that mobile device adoption matches the corporate policy.

Platforms

  • Windows
  • Mac OS
  • Mobile

License modules

  • None

Compatibility

  • Nexthink v6.0 and later