Skip to main content
McAfee Enterprise MVISION Cloud

Configure Device Posture Profiles

Skyhigh Private Access continuously assess the security posture of the connecting device. The connecting device can be an enterprise-owned device, personal computer, a mobile device, or a BYOD device. You can specify the device's attributes such as operating system, operating system version, firewall policy, and antivirus software status. The device must meet the specified criteria to consider it to be compliant in order to establish trust and gain access to the requested private application.

Before you begin

Install Skyhigh Private Access for macOS and Windows systems and Cloud Access Client for iPhones.

  1. On the Skyhigh CASB navigation bar, click settings.
  2. Select Infrastructure | Web Gateway Setup.
  3. In the Configure Device Profile section, click New Device Profile.
  4. Complete the following fields in the Configure Profile Settings page:
    • Device Profile Name — Enter the name of the device profile.
    • OS name — Select the operating system (Windows or macOS) of the device.
    • OS version — Specify the minimum version of the operating system installed on the device. For example, enter 10.0.18363.for the device running Microsoft Windows 10. The device installed with the specified OS version or higher passes the device posture validation. 
      Note: For macOS, you can specify only major and minor version numbers. For example 10.14
    • Antivirus — Specify whether the antivirus software is enabled or disabled on the device. Will not check for the status of the antivirus software when you select Ignore.
    • Firewall — Specify whether the firewall is enabled or disabled on the device. Will not check for the firewall status when you select Ignore.
    • Encrypted Fixed Disk — Specify if there is any encrypted fixed disk on the device. Will not check for encryption status of the fixed disk when you select Ignore.
  5. Enable Company CA certificate present in the Trust Store section to add the company CA certificate information.
    • Certificate Location — Enter the location (path) of the company CA certificate stored in the Trust store. For example, the certificate can be under the \LocalMachine\<Path of the certificate> or \CurrentUser\<Path of the certificate> folder for Windows devices and the /Library/Keychains/System.keychain folder for macOS devices.
    • Certificate Thumbprint — Enter the thumbprint of the CA certificate. The thumbprint of a certificate is not case sensitive, and you can enter without separators. For example, you can enter 26 10 22 C2 97 D4 BD AD 02 E6 26 1E 2A 85 48 0B F0 44 95 82.
    • Certificate — Select Valid if the device has a valid certificate, select Invalid if the device has an invalid or expired certificate, and select Ignore to ignore the validation of the device certificate. When you select Valid, the McAfee Client Proxy software checks if the CA certificate is available in the specified location, certificate thumbprint, valid signature, its expiration date and status. When you select Invalid, the device posture validation passes for the invalid inputs.
  6. Click to enable Client certificate signed by company's CA section to add the client certificate information.
    • Certificate Location — Enter the location (path) of the client certificate signed by a Certificate Authority. For example, the certificate can be under the \LocalMachine\<Path of the certificate> or \CurrentUser\<Path of the certificate> folder for Windows devices and the /Library/ Keychains/System.keychain folder for macOS devices.
    • Certificate Thumbprint — Enter the thumbprint of the CA certificate used to sign the client certificate. The thumbprint of a certificate is not case sensitive, and you can enter without separators. For example, 29 10 22 C2 97 D4 BD AD 02 E6 26 1E 2A 85 48 0B F0 44 95 82.
    • Certificate — Select Valid if the device has a valid certificate, select Invalid if the device has an invalid or expired certificate, and select Ignore to ignore the validation of the device certificate.
  7. Click Save.
  • Was this article helpful?