Device Check Explained

Device Check Explained

InstaSafe Secure Access (ISA) allows administrators to define rules that check endpoint devices for mandatory compliances. These rules determine whether a device is allowed to connect. As a result, non-compliant endpoints are prevented from accessing corporate resources.

On the ISA web console, administrators can create objects for each type of Device Checks. For more information on configuring Device Checks, refer to the KB article Configuring Device Checks for Windows Clients.

Examples of Device Check

Sr. No.
Device Check Object Criteria
Device Check
Device Check Value
1
User group with all computers joined to the domain alphatech.com
DomainName
alphatech.com
2
User group with all computers joined to the domain technova.com
DomainName
technova.com
3
User group with all computers either joined to alphatech.com or technova.com
DomainName
alphatech.com| technova.com
4
User group with all computers installed with McAfee
Antivirus
McAfee
5
User group with all computers installed with Trend Micro
Antivirus
Trend Micro
6
User group with computers having either McAfee or Trend Micro
Antivirus
McAfee|Trend Micro
7
User group with all computers installed with OS version Windows 10
OS Version
10
8
User group with all computers installed with OS version Windows 8
OS Version
8
9
User group with computers installed with either OS version Windows 10 or 8
OS Version
10|8

Imagine a scenario where Device Check needs to be performed on a user group with the following criteria:
  • Users must have either Windows 8 or Windows 10 OS versions.

  • Users must be joined to the 'alphatech.com' domain.

  • Users must have either McAfee or Trend Micro Endpoint Protection installed.

To meet these criteria, using the table above, the following Device Checks can be configured for the user group:

(Device Check Object 9) &&

(Device Check Object 1) && 

(Device Check Object 6

  • && refers to logical AND operation. This means that even if one of the above checks doesn’t hold true, Device Checks will not permit the user to connect the ISA Agent from that device

  • Device Checks can be applied individually for specific users, instead of at the user group level

  • Device Check objects of the same type must be configured with one single rule when applied to a user or user group. For example:

    • To check for installed antivirus software, do not assign two separate Device Check objects to a user or group, one for McAfee and another for Trend Micro. Instead, create a single object with the 'Check Value' set to 'McAfee|Trend Micro' and apply it to the user or user group.