Device posture configuration overview¶
Use the Device Posture tab to set the trust policies for devices in your workspace.
These settings constitute the criteria that a user's device (laptop, virtual machine, or desktop) must meet in order to access applications. According to the policy enforced, Coro collects and inspects security-related data from the connected devices.
The full set of criteria that constitute a device posture are:
- UAC Notification Missing (Windows)
- Device Password Missing
- Firewall Disabled
- Unencrypted Endpoint Drive
- Development Mode Enabled (Windows)
- Non-genuine Windows Copy (Windows)
- Remote Password & Session Locking
- Wi-Fi Connection
- USB Lockdown
- Gatekeeper Disabled (macOS)
- Apple Mobile File Integrity Disabled (macOS)
- System Integrity Protection Disabled (macOS)
Info
Some criteria do not apply to certain operating systems. Review the UI page for the most up-to-date list.
Device posture policies can be configured and applied to groups of devices by setting device labels (predefined or custom) against each policy criteria. Labels allow you to apply a policy to all Windows or macOS devices only, or to a custom group of devices all containing the same label. Through this mechanism, you could apply a device posture policy to all devices within a particular department of your organization.
Policies can be checked by selecting the dropdown icon next to the criteria name:
Device labels configured for the criteria are displayed, as well as the policy remediation action (where applicable):
Note
Policy remediation actions are not applicable to Sensitive Data Scans, Remote Password & Session Locking, and Wi-Fi Connection policies.
Editing an existing policy¶
To edit an existing device posture policy:
-
Select the three-dot menu to display policy options:
-
Select Edit policy:
-
Select the remediation action for the policy:
The following remediation actions can be selected (depending on the policy):
-
Review: No auto-remediation is performed, and the ticket is classified as requiring review. The ticket remains open until either the admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
-
Enforce: Auto-remediation is performed, recorded in the ticket, and the ticket is auto-closed.
Note
After creating a workspace for new customers, the system defaults all Device Posture settings to Review. This allows you to configure your Device Posture settings based on your preferences and security requirements.
For existing customers, your current Device Posture settings will remain unchanged and are not be affected by this feature.
-
-
Select device labels to apply to the policy from the Apply policy to devices with these labels field:
-
Select SAVE to apply your changes.