Addigy Compliance continually monitors your devices to ensure they are safe to access your network and corporate resources. When devices fall out compliance, Addigy will take the necessary actions such as generating tickets, alerting admins, perform automated remediations, and if necessary, restricting access to corporate resources.
- Next-Gen Conditional Access for Your Apple Devices
- Add Microsoft Conditional Access via Certificate Check
- Add Microsoft Conditional Access via Azure Integration
Addigy Compliance is configured in the Catalog, where you are used to managing all of the assets in your Addigy environment.
Create your own rules and benchmarks, or use one of our ready-to-deploy benchmarks based on standards (CIS). A Benchmark consists of a bundle of Rules that check individual device states using Addigy Facts and Custom Facts.
Once a benchmark is created, you can assign it to one or more Policies which will deploy it to their devices. Each time a device checks in, Addigy runs an audit that includes any benchmark rules assigned. You can view a device's compliance status on the Devices page and GoLive.
Let’s go over how you can:
- Create a Custom Rule
- Create a Custom Benchmark
- Apply Benchmarks to devices
- View Compliance results
Note: Addigy Compliance can also be accessed via the Addigy API v2. Contact Addigy Support for access to API v2.
Create a rule
The fundamental piece of the Compliance process is a Rule. Rules are very similar to Alerts, they allow you to set up real-time monitoring on a specific device fact along with automated remediation. For example, you can have a Rule that checks whether FileVault is enabled. Rules are then included in one or more Benchmarks.
Create your first Rule by navigating to Catalog -> Compliance -> Rules
Create a Benchmark
Benchmarks consist of any number of Rules. Benchmarks can be created from the Catalog page as well and are how we will group up our Rules. Popular benchmarks such as CIS and NIST are pre-built and maintained by Addigy. Read more about Pre-Built Benchmarks.
To create a custom Benchmark, go to Catalog -> Compliance -> Benchmarks.
Once your benchmark is complete, open the Actions menu to add Rules for the security needs of your organization.
NOTE: Each benchmark has a target OS and min/max versions. Addigy will only run compliance tests on devices that meet the benchmark criteria.
Apply your Benchmark
Now that your benchmark is ready, you can start tracking the compliance of your devices by assigning your benchmark to one or more Policies. Benchmarks can also be added to Flex Policies or your standard Policy Hierarchy.
On the policy view, select Compliance at the bottom of the left navigation bar, select your benchmark for the table and then press the Add/Remove button. Then deploy the policy. The compliance benchmark will run against your devices on their next check-in. (~5 mins)
View Compliance Results
Now that our benchmark is properly applied, let us look at the results. We can view compliance at a high level from the Devices page by adding in the "Compliant" device fact.
You can click on the red/green icons in the Compliant device fact column to get more details on which benchmark is out of compliance and what rules specifically.
Furthermore, you can see the individual status in GoLive
Addigy Compliance allows you to quickly and easily build bundles of monitoring alerts and remediation to keep your devices as safe as possible, while also providing you clear insight into what may be going wrong when devices are out of compliance. This information can be leveraged to move devices around policies to grant/restrict access to certain software and data.