Device Security Test
To maintain a highly secure environment, administrators should ensure that every device in it is well protected against malware, misconfigurations, and outdated protections. If security checks are not performed regularly, devices may remain exposed to attack, policy enforcement may be delayed, or remediation may fail, any of which can compromise data, user productivity, and organizational compliance. Administrators should therefore monitor device security continuously, so that risks are detected quickly and security standards are enforced before they affect the health and security of the target environment. The Device Security test helps administrators in this regard!
This test monitors the devices managed by Microsoft Intune and helps administrators ensure device protection by tracking the health and effectiveness of security controls across all devices. The metrics reported by this test shed light on devices with disabled or outdated protections, pending scans or reboots, licensing issues, and unresolved threats. By reporting malware severity and remediation status, the test provides visibility into security gaps, so that corrective action can be taken in time to keep the environment safe and compliant.
Target of the Test: Microsoft Intune
Agent deploying the test: A remote agent
Output of the test: One set of results for the Microsoft Intune being monitored
| Parameters | Description |
|---|---|
| Test Period | How often should the test be executed. |
| Host | The host for which the test is to be configured. |
| Tenant ID | Specify the Directory ID of the Azure AD tenant to which the target subscription belongs. To know how to determine the Directory ID, refer to Configuring the eG Agent to Monitor Microsoft Azure Intune Using Intune REST API. |
| Client ID, Client Password, and Confirm Password | To connect to the target subscription, the eG agent requires an access token, which it obtains by authenticating with an Application ID and its client secret value. For this purpose, you should register a new application with the Azure AD tenant. To know how to create such an application and determine its Application ID and client secret, refer to Configuring the eG Agent to Monitor Microsoft Azure Intune Using Intune REST API. Specify the Application ID of the created application in the Client ID text box and the client secret value in the Client Password text box. Confirm the Client Password by retyping it in the Confirm Password text box. |
| ProxyHost and ProxyPort | In some environments, all communication with the Azure cloud may have to be routed through a proxy server. In such environments, you should make sure that the eG agent connects to the cloud via the proxy server to collect metrics. To enable metrics collection via a proxy, specify the IP address of the proxy server and the port at which it listens against the ProxyHost and ProxyPort parameters. By default, these parameters are set to none, indicating that the eG agent is not configured to communicate via a proxy. |
| ProxyUsername, ProxyPassword, Confirm Password | If the proxy server requires authentication, specify a valid proxy user name and password in the ProxyUsername and ProxyPassword parameters, respectively, and confirm the password by retyping it in the Confirm Password text box. If no proxy server is used, or if the proxy server does not require authentication, the default setting of none for these parameters need not be changed. |
| DD Frequency | Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency if you so desire. If you intend to disable the detailed diagnosis capability for this test, specify none against DD Frequency. |
| Detailed Diagnosis | To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled: |
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Devices in an unhealthy state | Indicates the number of devices that are not meeting the required security health standards. | Number | A value greater than zero is a cause for concern. |
| Devices with malware protection disabled | Indicates the number of devices on which antimalware protection is turned off. | Number | Ideally, the value of this measure should be zero, since such devices have no malware protection at all. The detailed diagnosis of this measure lists the ID and name of each device, its current status, its Ioc state, the time at which the state was last reported, the UPN, name and email ID of the user, and the product status. It also reveals whether the device is a virtual machine, whether tamper protection is enabled, and whether the device is managed by Ioc. |
| Devices with malware protection enabled | Indicates the number of devices on which antimalware protection is enabled. | Number | |
| Devices with signature update overdue | Indicates the number of devices on which malware definitions are outdated and need to be updated. | Number | Ideally, the value of this measure should be zero. |
| Devices with real time protection disabled | Indicates the number of devices on which real-time threat detection is currently turned off. | Number | Ideally, the value of this measure should be zero. With real-time protection off, threats are only caught by scheduled or manual scans. |
| Devices with real time protection enabled | Indicates the number of devices on which real-time protection is enabled. | Number | |
| Devices with network protection disabled | Indicates the number of devices on which network-level threat protection is not enabled. | Number | |
| Devices with network protection enabled | Indicates the number of devices on which network-level threat protection is enabled. | Number | |
| Devices in Clean and no action is required state | Indicates the number of devices that are healthy and do not require any security action. | Number | |
| Devices in pending full scan state | Indicates the number of devices that are waiting for a full malware scan. | Number | |
| Devices in pending reboot state | Indicates the number of devices that require a reboot to complete security actions or updates. | Number | |
| Devices in pending manual steps state | Indicates the number of devices that are waiting for manual user/administrator intervention. | Number | |
| Devices in pending offline scan state | Indicates the number of devices that are awaiting an offline scan. | Number | |
| Devices in Critical failure state | Indicates the number of devices that are in a critical failure state. | Number | A non-zero value for this measure is a cause for concern. |
| Devices with service not running | Indicates the number of devices on which the security service is stopped or not operational. | Number | Ideally, the value of this measure should be zero, since a device whose antimalware service is not running is effectively unprotected. |
| Devices with AV signatures out-of-date | Indicates the number of devices with outdated antivirus definitions. | Number | |
| Devices with AS signatures out-of-date | Indicates the number of devices with outdated antispyware definitions. | Number | |
| Devices with product running in evaluation mode | Indicates the number of devices on which a trial version of the security product is running. | Number | |
| Devices with product in expired state | Indicates the number of devices on which the license for the security product has expired. | Number | Ideally, the value of this measure should be zero. |
| Devices with threat remediation failed critically | Indicates the number of devices on which threat remediation attempts have failed critically. | Number | A non-zero value for this measure is a cause for concern, as the detected threats remain on these devices and require manual investigation. |
| Devices with platform in out-of-date state | Indicates the number of devices running an outdated version of the security platform. | Number | |
| Devices with platform in about to be outdated state | Indicates the number of devices whose security platform version is about to become unsupported. | Number | |
| Devices with signature or platform end-of-life is past or is impending state | Indicates the number of devices on which the current protection platform or signature set is already unsupported or about to reach end of life. | Number | |
| Total devices with active malware | Indicates the number of devices that are currently infected with malware. | Number | A non-zero value for this measure is a cause for concern. |
| Devices with unknown malware severity | Indicates the number of devices on which malware was detected but its severity is unknown. | Number | |
| Devices with low malware severity | Indicates the number of devices affected by malware of low severity. | Number | |
| Devices with moderate malware severity | Indicates the number of devices affected by malware of moderate severity. | Number | |
| Devices with high malware severity | Indicates the number of devices affected by malware of high severity. | Number | A high value for this measure is a cause for concern. |
| Devices with severe malware severity | Indicates the number of devices affected by malware of severe impact. | Number | A non-zero value for this measure is a cause for concern. |
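The counts in the table above are derived from the per-device protection state that Intune exposes through its REST API. The following Python is an added illustration, not code from the eG Enterprise page or product, of how such records roll up into these measures. It assumes the field and enum names of the Microsoft Graph beta `windowsProtectionState` resource (`deviceState`, `productStatus`, `detectedMalwareState`, `malwareProtectionEnabled`, and so on); the records it processes are constructed sample data, and the rule used for "Devices in an unhealthy state", which the page does not define, is an assumption.

```python
"""Roll up per-device protection state into the counts reported by the Device
Security test. Added example, not code from the eG Enterprise page or product;
field and enum names follow Microsoft Graph's beta windowsProtectionState
resource (assumption) and the sample records at the bottom are constructed."""
from __future__ import annotations

from collections import Counter
from typing import Iterable

# Flags in the comma-separated `productStatus` string (assumed
# windowsDefenderProductStatus enum names), mapped to the measure each one feeds.
PRODUCT_STATUS_MEASURES = {
    "serviceNotRunning": "Devices with service not running",
    "avSignaturesOutOfDate": "Devices with AV signatures out-of-date",
    "asSignaturesOutOfDate": "Devices with AS signatures out-of-date",
    "productRunningInEvaluationMode": "Devices with product running in evaluation mode",
    "productExpired": "Devices with product in expired state",
    "threatRemediationFailedCritically": "Devices with threat remediation failed critically",
    "platformOutOfDate": "Devices with platform in out-of-date state",
    "platformAboutToBeOutdated": "Devices with platform in about to be outdated state",
    "signatureOrPlatformEndOfLifeIsPastOrIsImpending":
        "Devices with signature or platform end-of-life is past or is impending state",
}
# `deviceState` values (assumed windowsDeviceHealthState enum names) -> measure.
DEVICE_STATE_MEASURES = {
    "clean": "Devices in Clean and no action is required state",
    "fullScanPending": "Devices in pending full scan state",
    "rebootPending": "Devices in pending reboot state",
    "manualStepsPending": "Devices in pending manual steps state",
    "offlineScanPending": "Devices in pending offline scan state",
    "critical": "Devices in Critical failure state",
}
SEVERITIES = ("unknown", "low", "moderate", "high", "severe")  # lowest to highest
# Detections in these threatState values are treated as resolved (assumption).
RESOLVED_THREAT_STATES = {"quarantined", "removed", "cleaned", "allowed", "noStatusCleared"}


def parse_product_status(value: str) -> set[str]:
    """Split the flags string ("a,b") into a set of flag names; tolerates spaces."""
    return {f.strip() for f in value.split(",") if f.strip()}


def worst_active_severity(detections: Iterable[dict]) -> str | None:
    """Highest severity among still-active detections, or None if there are none.
    A device is counted once, at its worst severity, so the five severity measures
    partition 'Total devices with active malware'."""
    ranks = [SEVERITIES.index(d.get("severity", "unknown")) for d in detections
             if d.get("threatState") not in RESOLVED_THREAT_STATES
             and d.get("severity", "unknown") in SEVERITIES]
    return SEVERITIES[max(ranks)] if ranks else None


def aggregate(records: Iterable[dict]) -> Counter:
    """Compute the test's device counts from protection-state records."""
    counts: Counter = Counter()
    for rec in records:
        state = rec.get("deviceState")
        if state in DEVICE_STATE_MEASURES:
            counts[DEVICE_STATE_MEASURES[state]] += 1
        for flag in parse_product_status(rec.get("productStatus", "")):
            if flag in PRODUCT_STATUS_MEASURES:
                counts[PRODUCT_STATUS_MEASURES[flag]] += 1
        # Paired enabled/disabled measures: every device lands on exactly one side.
        for field, label in (("malwareProtectionEnabled", "malware protection"),
                             ("realTimeProtectionEnabled", "real time protection"),
                             ("networkInspectionSystemEnabled", "network protection")):
            counts[f"Devices with {label} {'enabled' if rec.get(field) else 'disabled'}"] += 1
        if rec.get("signatureUpdateOverdue"):
            counts["Devices with signature update overdue"] += 1
        severity = worst_active_severity(rec.get("detectedMalwareState", []))
        if severity is not None:
            counts["Total devices with active malware"] += 1
            counts[f"Devices with {severity} malware severity"] += 1
        # The page does not define "unhealthy"; this rule is an assumption: state not
        # clean, a core protection switched off, or active malware present.
        if (state != "clean" or not rec.get("malwareProtectionEnabled")
                or not rec.get("realTimeProtectionEnabled") or severity is not None):
            counts["Devices in an unhealthy state"] += 1
    return counts


SAMPLE_RECORDS = [  # constructed sample data, not records from a real tenant
    {"deviceState": "clean", "malwareProtectionEnabled": True, "realTimeProtectionEnabled": True,
     "networkInspectionSystemEnabled": True, "productStatus": "noStatus",
     "detectedMalwareState": [{"severity": "moderate", "threatState": "removed"}]},
    {"deviceState": "rebootPending", "malwareProtectionEnabled": True, "realTimeProtectionEnabled": False,
     "networkInspectionSystemEnabled": True, "signatureUpdateOverdue": True,
     "productStatus": "avSignaturesOutOfDate,pendingRebootDueToThreatAction",
     "detectedMalwareState": [{"severity": "high", "threatState": "rebootRequired"},
                              {"severity": "low", "threatState": "active"}]},
    {"deviceState": "critical", "malwareProtectionEnabled": False, "realTimeProtectionEnabled": False,
     "networkInspectionSystemEnabled": False,
     "productStatus": "serviceNotRunning,threatRemediationFailedCritically",
     "detectedMalwareState": [{"severity": "severe", "threatState": "actionFailed"}]},
    {"deviceState": "clean", "malwareProtectionEnabled": True, "realTimeProtectionEnabled": True,
     "networkInspectionSystemEnabled": False, "productStatus": "platformAboutToBeOutdated"},
]

if __name__ == "__main__":
    print(dict(aggregate(SAMPLE_RECORDS)))
```

Two design points matter when reading the resulting numbers. A device with several detections is counted once, at its worst severity, so the five severity measures add up to "Total devices with active malware"; and detections whose threat state is already resolved (removed, quarantined, and so on) are excluded, which is why the first sample device contributes to the clean count rather than to the malware counts even though it carries a historical detection.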