In this article, we guide you on how to check the compliance status of your devices and apply compliance policies to them using Swif. Here are the benchmarks (followed by the CIS benchmark) Swif applies to:
Security patches auto-applied
Requirement: Check if the software update policy has been deployed to the device and the device is enforced to update to the last OS version
Screensaver lock required
Requirement: Check if the screen saver policy has been deployed to the device and the password is asked when waking up from the screensaver.
Hard disk encryption
Requirement: Check if FileVault or Bitlocker policy has deployed to the device and the encrypted disk is enforced
Password policy
Requirement: Check if Password policy has deployed to the device with these settings
Eight (8) or more characters, one upper case, one number
Note, you can always adjust the settings of each policy to meet your requirements.
Let's dive into the exploration of the new compliance checklist UI with this guide. This tool provides a swift and straightforward way to perform compliance readiness checks for specific devices.
Begin by hovering over the compliance status to view the existing compliance measures and those that need application.
Checking Compliance Status
Step 1: Hover over the compliance status.
This action displays the current compliance status of the device.
Step 2: Click on the compliance status.
This action opens the compliance panel on the right, allowing for a review of the requirements for macOS or Windows devices.
Compliance Requirements for macOS and Windows Devices
For macOS devices, requirements include the CIS benchmark policies. Windows devices require BitLocker to be enabled as well as the Windows password policy.
Step 1: Review the requirements for macOS devices.
Step 2: For an uninstalled policy, click Apply policy to apply to a device. (P.S. We recommend using the Device group to automate the policies deployment.)
Step 3: Select the corresponding device to enable compliance readiness. After this, click save.
The applied compliance policy on the device is now visible. Repeat this process for any remaining incomplete compliance measures.
Step 4: Apply the remaining policies.
Enabling device encryption may take some time. Wait for the agent to enable the FileVault encryption on the device before checking the device compliance readiness again. The macOS password policy can also be applied to the device.
After a while, the device encryption will be enabled and the device security compliance will be ready.
Step 5: Check the device compliance readiness.
The device is now compliant.
Compliance Checklist for Windows Devices
The same checklist applies to Windows devices. Check this in the security tabs of the detailed device page. Apply any missing policies to make the device compliant. Once all necessary policies are installed on the device, it will be compliant.
For Windows devices, the BitLocker policy must be turned on and the screen server with the power policy needs to be installed. Once all necessary compliances are satisfied, the device is fully compliant.
This guide concludes on how to check device compliance readiness. Refer to this guide as needed.