Adding a Device Posture Profile

Specify security-related criteria to check the security posture of devices.

  1. On the Device Posture Profiles screen, click Add Device Posture Profile.

    The Add Device Posture Profile screen appears.

  2. Specify a unique name and a description for the profile.
  3. Go to the tab for the operating system you want the profile to check. Then select the corresponding setting.
    • For Windows, select Check Windows devices.
    • For macOS, select Check macOS devices.
    • For Android, select Check Android devices.
    • For iOS, select Check iOS devices.
  4. For devices with Windows or macOS, specify the following criteria. Each criterion is listed below with its description.

    The device is running one of the specified OS versions

    Check whether the device is running on a required operating system version.

    If the option is enabled, select or specify the minimum version number for the corresponding operating system. For example, Redstone 5 or 11.0.22000.376 for Windows, 10.15 or 10.15.1 for macOS.

    Note:

    For macOS, only 10.15 and above are supported.

    A device installed with the specified version or later passes the check.

    The company CA certificate is present in the Trust Store

    Check that your organization's CA certificate is present in the Trust Store.

    Specify the Certificate common name and Certificate thumbprint.

    For Windows OS, specify the Certificate location on the endpoint.

    The client certificate is signed by the company's CA

    Check that the client certificate on the device is signed by your organization's CA certificate.

    Specify the Issuer common name and Issuer certificate thumbprint.

    For Windows OS, specify the Certificate location on the endpoint.

    The specified file is present on the device

    Check that the specified file is present on the device at the specified file path.

    For Windows, specify the full file name with file extension, including the drive location, in the file path. For example, C:\Program Files (x86)\Example\example.txt

    For macOS, specify the full file path and file name with file extension. For example, /Users/ExampleUser/Desktop/Example/example.txt

    Firewall is turned on for the connected network

    Check whether the firewall state is on for the network that the device is connecting to, that is, public networks, private networks, or domain networks.

    Vulnerability detection is enabled

    Check whether vulnerability detection is enabled on the device.

    Vulnerability detection requires that you enable Vulnerability Detection on target endpoints in the Security Policies app. For more information, see Endpoint Security Policies.

    Important:
    • This option is supported on Windows only.

    • This feature is temporarily in testing; therefore, whether vulnerability detection is enabled or disabled does not affect the device posture profile evaluation. In other words, devices with vulnerability detection disabled may still be matched to this profile.

    If this option is enabled, optionally configure the following settings:

    • Global exploit activity of detected vulnerabilities: Select to check whether the global exploit activity level of vulnerabilities detected on the device meets the specified threshold.

    • Specified vulnerabilities not detected: Select to check whether the device does not have the specified vulnerabilities.

      Type one or several vulnerability IDs in the text box. Example of a vulnerability ID: CVE-2020-1472

    For more information about at-risk vulnerabilities, see Vulnerability Detection in the Operations Dashboard app.

    Antivirus software from one of the specified vendors is installed/running

    Check whether antivirus software from any of the specified vendors is installed or running on the device.

    If the option is enabled, type the vendor names in the text box and press Enter.

    For the list of supported vendors, see List of Supported Vendors.

    Note:

    For Windows, Zero Trust Secure Access checks antivirus software installation status on Windows Server, and checks antivirus software running status on Windows Desktop.

    For macOS, Zero Trust Secure Access checks the running status of antivirus software from Trend Micro, and checks the installation status of antivirus software from other vendors.

    An EDR solution from one of the specified vendors is running

    Check whether an EDR solution from any of the specified vendors is running on the device.

    If the option is enabled, type the vendor names in the text box and press Enter.

    For the list of supported vendors, see List of Supported Vendors.

    The device has joined your domain

    Check whether the device has joined the domain of your organization.

    If the option is enabled, specify one or more domains owned by your organization; the device's joined domain is validated against this list.

    Screen lock is enabled

    Check whether the screen lock is enabled on the device.

    (For Windows) Full disk encryption with BitLocker is turned on

    (For macOS) FileVault is turned on

    Check whether the disk encryption is enabled on the device.

  5. Click Save.
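The following is an added example, not the product's own code, showing how the Windows/macOS criteria above can be evaluated against facts collected from a device. Everything about its shape is an assumption: the profile is a dict of enabled criteria, the device report is a dict an agent might produce, a device matches only when every enabled criterion passes, and a certificate thumbprint is taken to be the SHA-1 hex digest of the DER encoding as Windows displays it. It demonstrates the details that matter when the UI says "specified version or later" (10.15.1 must pass a 10.15 minimum, 10.9 must not), that thumbprints pasted with spaces or colons still match, that Windows paths compare case-insensitively, and that the firewall check applies to the network profile currently in use. All sample data is constructed.

```python
"""Added example: minimal evaluator for device posture criteria (assumed data shapes,
not the product's implementation). Sample profile and device reports are constructed."""
import re


def parse_version(text):
    """'10.15' -> (10, 15); '11.0.22000.376' -> (11, 0, 22000, 376)."""
    return tuple(int(part) for part in text.strip().split("."))


def version_at_least(installed, minimum):
    """True when `installed` is the minimum version or later.
    Components are compared numerically and shorter versions are zero-padded, so
    10.15 counts as 10.15.0 and 10.9 stays below 10.15 (string comparison gets both wrong)."""
    have, want = parse_version(installed), parse_version(minimum)
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have >= want


def normalize_thumbprint(thumbprint):
    """Drop the spaces/colons certificate viewers insert and fold case,
    so 'AB CD 12', 'ab:cd:12' and 'abcd12' compare equal."""
    return re.sub(r"[^0-9a-f]", "", thumbprint.lower())


def same_path(a, b, os_name):
    """Windows paths are case-insensitive and accept either separator; macOS paths compare as given."""
    if os_name == "windows":
        return a.replace("/", "\\").casefold() == b.replace("/", "\\").casefold()
    return a == b


def evaluate(profile, device):
    """Return {criterion: passed} for every criterion enabled in `profile`."""
    results = {}
    os_name = device["os"]
    if "min_os_version" in profile:
        results["os_version"] = version_at_least(
            device["os_version"], profile["min_os_version"][os_name])
    if "company_ca_thumbprint" in profile:
        wanted = normalize_thumbprint(profile["company_ca_thumbprint"])
        results["company_ca_in_trust_store"] = any(
            normalize_thumbprint(t) == wanted for t in device["trust_store_thumbprints"])
    if "required_file" in profile:
        required = profile["required_file"][os_name]
        results["file_present"] = any(
            same_path(p, required, os_name) for p in device["files_present"])
    if profile.get("firewall_on_for_connected_network"):
        # Only the firewall profile (public/private/domain) currently in use is checked.
        results["firewall"] = device["firewall_state"][device["connected_network"]]
    if "antivirus_vendors" in profile:
        wanted = {v.casefold() for v in profile["antivirus_vendors"]}
        results["antivirus"] = any(v.casefold() in wanted for v in device["antivirus_running"])
    if "domains" in profile:
        allowed = {d.casefold() for d in profile["domains"]}
        results["domain_joined"] = device.get("joined_domain", "").casefold() in allowed
    if profile.get("screen_lock"):
        results["screen_lock"] = device["screen_lock_enabled"]
    if profile.get("disk_encryption"):
        results["disk_encryption"] = device["disk_encrypted"]
    return results


def device_matches(profile, device):
    """A device matches the profile only when every enabled criterion passes (assumption)."""
    return all(evaluate(profile, device).values())


# Constructed sample profile and device reports; the thumbprint is a made-up 20-byte value.
SAMPLE_PROFILE = {
    "min_os_version": {"windows": "11.0.22000.376", "macos": "10.15"},
    "company_ca_thumbprint": "A1 B2 C3 D4 E5 F6 07 18 29 3A 4B 5C 6D 7E 8F 90 A1 B2 C3 D4",
    "required_file": {"windows": r"C:\Program Files (x86)\Example\example.txt",
                      "macos": "/Users/ExampleUser/Desktop/Example/example.txt"},
    "firewall_on_for_connected_network": True,
    "antivirus_vendors": ["Trend Micro"],
    "domains": ["corp.example.com"],
    "screen_lock": True,
    "disk_encryption": True,
}

COMPLIANT_WINDOWS = {
    "os": "windows", "os_version": "11.0.22621.1",
    "trust_store_thumbprints": ["a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4"],
    "files_present": [r"c:\program files (x86)\example\EXAMPLE.txt"],
    "firewall_state": {"public": True, "private": True, "domain": True},
    "connected_network": "domain",
    "antivirus_running": ["trend micro"],
    "joined_domain": "CORP.example.com",
    "screen_lock_enabled": True, "disk_encrypted": True,
}

# Same device facts, but reported by a Mac below the supported 10.15 minimum.
OUTDATED_MAC = dict(COMPLIANT_WINDOWS, os="macos", os_version="10.14.6",
                    files_present=["/Users/ExampleUser/Desktop/Example/example.txt"])

if __name__ == "__main__":
    for name, dev in (("windows", COMPLIANT_WINDOWS), ("mac", OUTDATED_MAC)):
        print(name, device_matches(SAMPLE_PROFILE, dev), evaluate(SAMPLE_PROFILE, dev))
```

Running the block prints a per-criterion breakdown for both constructed devices: the Windows report passes every check, while the macOS report fails only the OS version criterion, which is enough to keep it from matching the profile.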