Configuring the Atmos Agent Device Posture

The Atmos Agent Device Posture conditions access based on findings from the Atmos Agent, leveraging OSQuery to collect the data on the endpoint. To create an Atmos Agent device posture, make sure you have the Atmos Agent Installed.

📘

Important

If you are deploying device posture using the domain joined check option, see Key Considerations for using Device Posture and Domain Joined Check.

  • Click here to learn more about installing the Atmos Agent on a Windows computer
  • Click here to learn more about installing the Atmos Agent on a Macintosh computer
  • Click here to learn more about installing the Atmos Agent on an iOS device

The process of configuring the Atmos Agent Device Posture includes two steps:

  1. Creating a Device Posture Object
  2. Adding a Policy Rule

Creating a Device Posture Object

  1. In the Management Console, go to Policy -> Device Trust -> New Device Trust.
  2. Select Atmos Agent as your new device posture method.
1272

New Atmos Agent Device Posture

Enter a name and a description (optional).

Platforms

Check the platform or platforms you wish to enable, and select their version.

Conditions

📘

Note

Conditions are available based on the selected platform(s). If a condition was selected for one platform, and there is a change in platform (another was added or replaced), the condition may be unavailable.

  • Click Add Condition to open a list of existing conditions. Note: the conditions will vary according to your selected platform(s).
  • Start typing to find a condition.
  • For each condition specify whether it is enabled or disabled.
  • Delete a condition by clicking the delete delete icon

The following table lists the conditions:

Condition NameDescriptionPlatform
Client CertificateThe Atmos Agent checks whether a valid certificate is available in the device’s registry. To pass this posture validation check, the device must have a Root CA certificate.

The admin should upload Root/Intermediate CA Certificate that can be .PEM, .CRT or .CER file types.
Windows, MacOs, both
CrowdstrikeThe Atmos Agent checks if Crowdstrike’s Falcon Sensor is installed on the device, and verifies that it is running and reporting.

The Atmos Agent verifies with Crowdstrike API that it is running and reporting to the right Crowdstrike tenant.

Note: This condition is only available if there is an integration between Crowdstrike and Axis Security. Click here to learn more.
Windows, MacOs, both
Domain-JoinedThe Atmos Agent checks whether a Windows device is domain-joined to an Active Directory domain. To pass this posture validation check, the device's server domain must be joined to the Active Directory domain that was configured in the Device Posture.Windows
FirewallThe Atmos Agent inspects the firewall status for all three firewall profiles: public, private, and domain. To pass the posture validation check, at least one must be active.Windows, MacOs, both
File pathThe Atmos Agent searches for a file path that can be found on the users' systems. To pass the posture validation check the device must have that path.

For example, you can enter: C:\Program Files\Git\bin\git.exe
Windows, MacOs, both
Full Disk EncryptionThe Atmos Agent checks whether the device has full disk encryption enabled or disabled. To pass this posture validation check, full disk encryption must be enabled.

Note: BitLocker encryption is only supported.
Windows, MacOs, both
Registry Key PathThe Atmos Agent checks against the registry key Path or the Value. To pass this posture validation check, the device must have the specified registry key.

For the registry key path, ensure that the path begins with HKEY.

For example, you can enter: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

After the path to Parameters, specify the registry entry name; for example, Domain located in the Name column and then the domain name itself, which is located in the Data column.

In this example the path would be KEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Domain

then the registry key value would be theirdomainname.com

Alt text
Windows
Windows PatchesThe Atmos Agent checks the windows patches installed. To pass this device posture check the relevant patches must be installed.

Note: The admin must explicitly mention every patch that should be checked.
Windows
ProcessesThe Atmos Agent checks whether a process is running on the computer.
For example: explorer.exe
Windows, macOS, both
Password ProtectionThe Atmos Agent checks whether the mobile device has password protection.iOS, Android
Screen LockThe Atmos Agent checks whether the mobile device has any form of screen locks such as password, facial recognition, fingerprint and more.iOS, Android
MDM Ownership VariableThe Atmos Agent device posture variable provides the capability to check for specific information on a mobile device to determine whether the device is managed by an organization’s MDM. Click here to learn more.iOS, Android
Search DomainsThe Atmos Agent checks whether a search domain is configured on the machine.Windows, macOS, both

Adding a Policy Rule

A Policy is a collection of rules which provide granular access to your apps depending on a range of parameters. For example, access can be defined based on the destination application groups of the requester. In this use case, the admin can use the device posture created above as a rule that will block or allow access to the application.

Click here to earn more about policy rules.

📘

Note

Under Device trust, select the device trust profile created in the previous section.

  1. Click Submit.

  2. Click Apply Changes in the top menu bar.