12-23-2019 09:16 AM - edited 01-23-2020 06:49 AM
Hi all,
this post is to explain my problem with "Posture Assessment by Endpoint" (Posture Policy Details section).
Our LAB policy deployment is built for mainly 2 kinds of endpoints: Corporate laptop and Unmanaged laptop.
We built posture policies based on an Anti-Malware condition that correctly matches.
In attachment, 2 captures of the resulting report for corporate and unmanaged PCs.
-> My problem is that I can't understand why there are no Posture Policy Details in reports generated for unmanaged PCs. Instead, the report for corporate PCs is complete with matched posture conditions / skipped or failed.
For unmanaged PCs we only match ANY AntiMalware installed and ANY AntiMalware definition. I already tried to match exactly the default Windows AM (Win Defender). It was matching correctly but still no details in the posture report.
Any suggestion?
Regards and happy holidays
12-23-2019 09:00 PM
12-24-2019 01:40 AM - edited 01-23-2020 06:50 AM
Thanks Francesco for your interest,
here I attach for you some of required screen-captures.
Hope it's enough.
regards,
Andrea
12-24-2019 12:17 PM
12-25-2019 02:55 AM
12-26-2019 09:17 PM
12-27-2019 02:58 AM - edited 12-27-2019 04:33 AM
When connecting with an unmanaged PC, the AnyConnect client only shows me that I'm compliant.
I'm matching for sure all conditions in my requirements because of the AND operator between them:
abc_Unmanaged_Windows_AM_Installation & abc_Unmanaged_Windows_AM_Definition
I add here some details from a debug I made.
Attribute:AMInstalled value:Windows Defender\;4.18.1902.5\;1.307.1230.0\;12/27/2019\; Attribute:BYODRegistration value:Unknown Attribute:DeviceCompliance value:Compliant Attribute:DeviceRegistrationStatus value:NotRegistered Attribute:EndPointPolicy value:Unknown Attribute:EndPointPolicyID value: Attribute:EndPointSource value:RADIUS Probe Attribute:IdentityGroup value: Attribute:IdentityGroupID value: Attribute:IpAddress value:xxxx Attribute:MACAddress value:#My_MAC_Address# Attribute:MacAddress value:#My_MAC_Address# Attribute:MatchedPolicy value:Unknown Attribute:MatchedPolicyID value: Attribute:MessageCode value:8700 Attribute:NetworkDeviceGroups value:Location#All Locations#xxxx#xxxx#xxxx#xxxx Attribute:NmapSubnetScanID value:0 Attribute:OUI value:Liteon Technology Corporation Attribute:OperatingSystem value:Windows 10 Professional 64-bit Attribute:PRAAction value:N/A Attribute:PRAEnforcementFlag value:false Attribute:PRAGraceTime value:0 Attribute:PRAInterval value:0 Attribute:PolicyVersion value:0 Attribute:PortalUser value: Attribute:PostureAgentVersion value:AnyConnect Posture Agent for Windows 4.8.01090 Attribute:PostureApplicable value:Yes Attribute:PostureOS value:Windows 10 Professional 64-bit Attribute:PostureStatus value:Compliant Attribute:RequestTime value:1577447567869 Attribute:ResponseTime value:1577447567896 Attribute:SessionId value:be191d0a0003cfafc6e6055e Attribute:StaticAssignment value:false Attribute:StaticGroupAssignment value:false Attribute:SystemDomain value:xxxx.local Attribute:SystemName value:PC-NAC Attribute:SystemUser value:xxxx Attribute:SystemUserDomain value:xxxx Attribute:Total Certainty Factor value:0 Attribute:UserAgreementStatus value:NotEnabled Attribute:UserName value:xxxx Attribute:operating-system-result value:Windows 10 Professional 64-bit Attribute:SkipProfiling value:false .... 
Attribute:BYODRegistration value:Unknown Attribute:DeviceCompliance value:Compliant Attribute:DeviceRegistrationStatus value:NotRegistered Attribute:EndPointProfilerServer value:xxxx Attribute:EndPointSource value:RADIUS Probe Attribute:MACAddress value:#My_MAC_Address# Attribute:MessageCode value:8700 Attribute:NmapSubnetScanID value:0 Attribute:OUI value:Liteon Technology Corporation Attribute:PolicyVersion value:0 Attribute:PortalUser value: Attribute:PostureApplicable value:Yes Attribute:PostureOS value:Windows 10 Professional 64-bit Attribute:PostureStatus value:Compliant Attribute:UserName value:xxxx Attribute:operating-system-result value:Windows 10 Professional 64-bit Attribute:SkipProfiling value:false
12-29-2019 06:36 PM
01-02-2020 02:55 AM - edited 01-17-2020 11:43 AM
Hi,
nope, I cannot validate your assumption. On the AC Secure Mobility Client installed on corporate and unmanaged PCs using the same version (4.8.01090), we have no evidence of posture rules or requirements matched during the posture process; also, clicking on the little gear in the AC window, no useful details are provided for this.
Instead, I can confirm that ISE assigns me a temporary NotCompliant or Pending posture status (for both corporate and unmanaged), then the posture check runs, I get confirmation that all PCs are compliant, and it generates its internal posture report (still only missing details for unmanaged PCs).
Could there maybe be something on the clients blocking the "GET" of this info?
Because the distinction is very clear: managed posture detail OK (not admin, Win10, AC installed via SCCM)
unmanaged posture detail N/A (admin/not admin, Win10, AC installed via Client Provisioning)
Maybe something related to the XML files generated in the AC installation folders..
Thanks
01-02-2020 06:26 AM
01-18-2020 06:00 PM
Please ensure the condition you are trying to match as unmanaged in ISE posture policies is also present in authorization policy rule to match the unmanaged devices. Otherwise, ISE posture would not be able to use it.
01-17-2020 11:45 AM - edited 01-17-2020 11:46 AM
Hello,
did you kindly find the time to replicate, or have any other advice?
Thank you
01-19-2020 03:48 PM