LDAP authentication is required for all users. On top of that, we also want to restrict access to certified devices only for employees (they must use company machines) but not for contractors (who can use private machines). Device certificates are pushed out through GPO to company devices. Employees and contractors belong to different AD user groups. How can it be done?
If I understand correctly, to use HIP we would have to plant a registry entry to identify the machines of interest and then use a security policy to control what they are allowed or not allowed to access. GP only collects HIP data but does not do any access control, which is not the ideal solution I am looking for.
The portal allows multiple Client Authentication entries and multiple Agent configurations. Somewhere in there, I believe, is a way to do what I am looking for.
Following on from @Sec101: it is true that GP only collects the HIP data, but that data can then be used in a security policy to allow or deny the traffic based on the information it contains. In this case, for instance, I would check for the certificate and create a security policy that allows the traffic for that group, with the HIP check included in the policy. If the device fails the HIP check, the firewall falls through to a rule underneath that could pick up the remaining users and provide that connectivity.
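The fall-through behaviour described in the answer above, as an added model of first-match rule evaluation (this is illustrative Python written for this thread, not Palo Alto Networks code and not a PAN-OS API; the HIP profile name `managed-device`, the rule names, the AD group names and the issuer DN in `COMPANY_CA` are all assumptions). The HIP profile is treated as a match condition on the rule, exactly as the answer uses it: an endpoint that fails the certificate check skips the employee rule and is evaluated against whatever rule sits underneath. The two rulebases show why that underneath rule should be scoped to the contractor group rather than left as "remaining users".

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Assumed issuer DN of the device certificate that GPO pushes to company machines.
COMPANY_CA = "CN=Corp Issuing CA, DC=example, DC=com"


@dataclass(frozen=True)
class HipReport:
    """The part of an endpoint's HIP report this model looks at (constructed, illustrative)."""
    device_cert_issuer: Optional[str]  # None: no client certificate present


def matched_hip_profiles(report: HipReport) -> frozenset[str]:
    """Stand-in for HIP object / HIP profile evaluation on the gateway.

    One HIP object (certificate issued by COMPANY_CA) is wrapped in one HIP
    profile, "managed-device". Only that profile exists in this model.
    """
    profiles = set()
    if report.device_cert_issuer == COMPANY_CA:
        profiles.add("managed-device")
    return frozenset(profiles)


@dataclass(frozen=True)
class Rule:
    name: str
    source_users: frozenset[str]  # AD groups (User-ID); empty means any user
    hip_profiles: frozenset[str]  # HIP profiles required; empty means no HIP check
    action: str                   # "allow" or "deny"


def evaluate(rulebase: list[Rule], user_groups: frozenset[str], report: HipReport):
    """First-match evaluation: returns (rule name, action) for the winning rule."""
    matched = matched_hip_profiles(report)
    for rule in rulebase:
        if rule.source_users and rule.source_users.isdisjoint(user_groups):
            continue  # user is not in any group the rule names
        if rule.hip_profiles and rule.hip_profiles.isdisjoint(matched):
            continue  # endpoint failed the HIP check: fall through to the next rule
        return rule.name, rule.action
    return "interzone-default", "deny"  # nothing matched: implicit deny


EMPLOYEES = frozenset({"Employees"})
CONTRACTORS = frozenset({"Contractors"})
MANAGED = frozenset({"managed-device"})
ANY: frozenset[str] = frozenset()

# Rulebase as literally described in the answer: employees gated by HIP,
# then a rule underneath that catches "the remaining users".
LOOSE_RULEBASE = [
    Rule("allow-employees-managed", EMPLOYEES, MANAGED, "allow"),
    Rule("allow-remaining-users", ANY, ANY, "allow"),
]

# Same idea, but the fall-through rule is scoped to the Contractors group, so
# an employee on a non-company machine lands on the implicit deny instead.
SCOPED_RULEBASE = [
    Rule("allow-employees-managed", EMPLOYEES, MANAGED, "allow"),
    Rule("allow-contractors", CONTRACTORS, ANY, "allow"),
]


if __name__ == "__main__":
    cases = [
        ("employee, company laptop", EMPLOYEES, HipReport(COMPANY_CA)),
        ("employee, personal laptop", EMPLOYEES, HipReport(None)),
        ("contractor, personal laptop", CONTRACTORS, HipReport(None)),
    ]
    for label, groups, report in cases:
        print(f"{label:28s} loose={evaluate(LOOSE_RULEBASE, groups, report)} "
              f"scoped={evaluate(SCOPED_RULEBASE, groups, report)}")
```

Running it shows the one case that matters: an employee on a personal laptop hits `allow-remaining-users` in the loose rulebase and gets contractor-level access, whereas in the scoped rulebase the same session falls past both rules to the implicit deny. The design choice is to make the second rule match the Contractors AD group explicitly (with no HIP profile, since their private machines carry no company certificate) rather than "any user".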