Isolate device flag/trigger for stale devices?

Hi, we have a requirement to disable stale PCs that have not talked back in 30 x days. We automate the disabling of the AD device object. However, if a device is subsequently turned on by a user AND logs on via cached creds, they can use/access the PC.

We tried to use isolate device to effectively block the PC, but it appears that the isolate flag reverses if set on a device that doesn't contact Central for a few days.

Is this normal, as it would seem it reduces the effectiveness of isolation?

Is there an option to set a policy that isolates a device when it does talk back as an alternative?

Regards



[edited by: Gladys at 11:27 AM (GMT -8) on 5 Mar 2024]
  • Thank you for reaching out to the community forum.

    Can you confirm if you have activated the Auto Isolation option on your Sophos Central? Or are you using Admin Isolation for those devices that aren’t online for more than 30 days? 

    When you mentioned "Isolate Flag Reverses," do you mean that after the user turns on the device, it can connect to the internet immediately and update? By default, devices that are offline for more than 30 days will show a red status on the endpoint UI, and if Auto Isolation is enabled it’ll remain isolated until further action is taken.
    Is the device where you observed that Isolation didn't work under the same Policy where auto-isolation is turned on?

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
