When conducting an integrity check, SecureCloud assesses whether a machine conforms to the rules specified in the assigned policy. In the Web Console, a machine's integrity status appears as one of the following:

- Good: The machine conforms to all rules in the policy.
- Bad: The machine does not conform to one or more of the rules in the policy.
- Unknown: The machine is assigned to a policy that has no rules, or the integrity check occurred while the SecureCloud Agent during device encryption.

When a machine's integrity changes from Good to Bad, SecureCloud does one of the following:

- Changes the host's encryption key status to Pending.
  A SecureCloud Administrator can then investigate what caused the integrity status to change, and decide whether to approve or deny the Pending encryption key request or to revoke the encryption key.
- Automatically revokes the machine's encryption key.
  This can have serious consequences for machines, so there is an option in SecureCloud to postpone revocation for a specified period of time. A SecureCloud Administrator can then investigate what caused the integrity status to change and attempt to re-establish the machine's compliance with the policy.

SecureCloud takes no action if a machine's integrity remains Good or Bad from one integrity check to the next.

SecureCloud immediately checks a machine's integrity when the SecureCloud Agent starts. Administrators can also schedule SecureCloud to perform integrity checks at a specified time or run integrity checks on demand.

Administrators can configure SecureCloud to issue a notification email when a machine's integrity changes from Good to Bad. The following is an example of a notification email message: