vmwaretrain_137
Apr 23, 2014

APM and Remediation

My organisation is planning to use F5 for posture checking endpoints to confirm the device is managed. What checks are most common and the best ones to use?

Also, when a posture check fails, such as antivirus being out of date, what are people doing to remediate this? What solutions are in use?

3 Replies

  • In my experience, the most common posture checks to start out with are OS version, Antivirus running (any or a specific "corporate approved one"), age of AV database, ensure Firewall process is running.

    Depending on the specific failure, you can provide different error messages for end users and not allow them in, or I've seen many allow them in, but only provide them access to a portal access website which exists within the organization and shows them how to remediate themselves. Another option is to redirect to an external website that is set up with remediation assistance.

    Those things can all be configured through the Access Policy as fallback events to a check.

  • If I may add, best practice probably depends most on corporate or unmanaged device security policy. If you're checking corporate devices, you could plant machine certificates and also check file/folder/registry/antivirus. Given some corporate standard antivirus version, you could also host updates and software via 11.4+ APM Hosted Content. For unmanaged devices you might consider simply a landing page with instructions and links to get patches/updates/av/fw software.

  • We are planning to have a landing page with limited access corp email/intranet. The links and additional instructions on how to update the device are interesting. We have 11.4.1 installed and the APM hosted content looks interesting. Have you got any more information on that subject?