InstaSafe Secure Access (ISA) allows administrators to define rules that check endpoint devices for mandatory compliances. These rules determine whether a device is allowed to connect. As a result, non-compliant endpoints are prevented from accessing corporate resources.
On the ISA web console, administrators can create objects for each type of Device Checks. For more information on configuring Device Checks, refer to the KB article Configuring Device Checks for Windows Clients.
Sr. No. | Device Check Object Criteria | Device Check | Device Check Value |
1 | User group with all computers joined to the domain alphatech.com | DomainName | alphatech.com |
2 | User group with all computers joined to the domain technova.com | DomainName | technova.com |
3 | User group with all computers either joined to alphatech.com or technova.com | DomainName | alphatech.com| technova.com |
4 | User group with all computers installed with McAfee | Antivirus | McAfee |
5 | User group with all computers installed with Trend Micro | Antivirus | Trend Micro |
6 | User group with computers having either McAfee or Trend Micro | Antivirus | McAfee|Trend Micro |
7 | User group with all computers installed with OS version Windows 10 | OS Version | 10 |
8 | User group with all computers installed with OS version Windows 8 | OS Version | 8 |
9 | User group with computers installed with either OS version Windows 10 or 8 | OS Version | 10|8 |
Users must have either Windows 8 or Windows 10 OS versions.
Users must be joined to the 'alphatech.com' domain.
Users must have either McAfee or Trend Micro Endpoint Protection installed.
To meet these criteria, using the table above, the following Device Checks can be configured for the user group:
(Device Check Object 9) &&
(Device Check Object 1) &&
(Device Check Object 6)
&& refers to logical AND operation. This means that even if one of the above checks doesn’t hold true, Device Checks will not permit the user to connect the ISA Agent from that device
Device Checks can be applied individually for specific users, instead of at the user group level
Device Check objects of the same type must be configured with one single rule when applied to a user or user group. For example:
To check for installed antivirus software, do not assign two separate Device Check objects to a user or group, one for McAfee and another for Trend Micro. Instead, create a single object with the 'Check Value' set to 'McAfee|Trend Micro' and apply it to the user or user group.