03-25-2021 06:57 AM
So by default there's not a super clean way to manage this. You can use custom checks on the portal agent configuration assuming that the DLP agent rights something in the registry you can check against, which it should.
Otherwise what you can do is create a security rulebase entry that matches everyone who doesn't have the DLP agent installed and set it to deny all traffic. This would effectively just make it so they aren't able to pass any traffic if they don't have the DLP agent installed. I'd generally recommend at that point that you leave your HIP notification in place so the user knows why their traffic is being dropped, and then use the API to pull these users and forcibly log them out via a scheduled script if you want to go the extra mile.
