Isolate device flag/trigger for stale devices?

Hi, we have a requirement to disable stale PCs that have not talked back in 30 x days. We automate the disabling of the AD device object. However, if a device is subsequently turned on by a user AND logs on via cached creds, they can use/access the PC.

We tried to use isolate device to effectively block the PC, but it appears that the isolate flag reverses if set on a device that doesn't contact Central for a few days.

Is this normal, as it would seem it reduces the effectiveness of isolation?

Is there an option to set a policy that isolates a device when it does talk back as an alternative?

Regards



[edited by: Gladys at 11:27 AM (GMT -8) on 5 Mar 2024]
  • Hi, thanks for the reply. In this example we do have auto isolation set BUT for stale devices, we are manually isolating the device.

    Sophos shows the endpoint as isolated, but as the device may be isolated whilst it is offline, eventually (after a few days, it seems), as the device still hasn't come online, we notice the admin isolation has turned off and it is no longer showing as isolated.
