Thread Info
  • State Not Answered
  • Replies 3 replies
  • Subscribers 13 subscribers
  • Views 782 views
  • Users 0 members are here
Options
Suggested

Isolate device flag/trigger for stale devices?

LCT-SM

Hi, we have a requirement to disable stale PCs that have not talked back in 30 x days. We automate the disabling of the ad device object. However, if a device is subsequently turned on by a user AND logs on via cached creds. they can use/access the pc

We tried to use isolate device to effectively block the pc but appears that the isolate flag reverses if set on a device that doesn't contact central for a few days. 

Is this normal, as would seem it reduces the effectiveness of isolation? 

Is there an option to set a policy that isolates a device when it does talk back as an alternative?

Regards



Added tags
[edited by: Gladys at 11:27 AM (GMT -8) on 5 Mar 2024]
  • 0

    Thank you for reaching out to the community forum.

    Can you confirm if you have activated the Auto Isolation option on your Sophos Central? Or are you using Admin Isolation for those devices that aren’t online for more than 30 days? 

    When you mentioned  "Isolate Flag Reverses," do you mean that after the user turns on the device, it can connect to the internet immediately and update? By default, the devices that are offline for more than 30 days will show a red status on the endpoint UI, and if Auto Isolation is enabled it’ll remain isolated until further action is taken. 
    Does the device you've observed where Isolation didn't work under the same Policy where auto-isolation is turned on? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    Hi, thanks for the reply. In this example we do have auto isolation set BUT for stale devices, we are manually isolating the device.

    Sophos shows the endpoint as isolated but as the device may be isolated whilst it is offline eventually (after a few days it seems) as the device still hasn't come online, we notice the admin isolation has turned off and is no longer showing as isolated.

  • 0

    Also, ref below, I'm certain that devices that haven't connected in 30 days do not have a red status/auto isolate?

    We basically want to isolate a device that's likely offline and ensure that if it ever comes back online, it remains isolated I told we un isolate. Thanks

    "By default, the devices that are offline for more than 30 days will show a red status on the endpoint UI, and if Auto Isolation is enabled it’ll remain isolated until further action is taken. "

Unfiltered HTML