Overview

In advance of employees’ return to the office, IT and office management teams face a critical challenge: they have no insight into the security and configuration of their workforce’s devices.

Without this vital knowledge, they cannot be certain that employee devices are properly configured, authenticated, and secured so as to be in line with company policies. By providing IT teams insights into remote worker devices' security and configuration profile, potential threats to device security and employee productivity can be addressed well before the devices are on site.

Dashboard

Device Readiness Summary

The data displayed in this section is based on the included “Return to the Office” Score, which measures various device parameters, such as password expiry date, GPO policy assignment, etc., and combines them to create an overall readiness value.

If a device has a Score between 7 and 10, it is considered ready to be returned to the Office. Breakdowns by hierarchy and department are shown to provide more clarity. If devices are not “ready”, you should drill down into the Finder and take a look at its compliance with the “Return to the Office” Score. Low scores in either the Security or Configuration sections will negatively impact the overall readiness of the device.

Security breakdown

The data displayed in this section is based on the Score values of the “Security Checklist” portion of the included “Return to the Office” Score. It shows a breakdown of devices by Leaf Score value. Where you see that the device is non-compliant with a particular item - for example, the password may be expiring soon or BitLocker is not enabled, either run the respective remote action to remediate this where possible or contact the employee and work through the issue with them so that their device becomes compliant.

Configuration breakdown

The data displayed in this section is returned by the “Get Computer Assigned Group Policy” and the “Test certificate pair is valid” remote actions. Where you see devices with invalid certificates and Group Policy application failure, take action with the employee to resolve this issue before returning to the Office.

Remote Action Status

This section of the dashboard shows you the execution failures of the Remote Actions included in this library pack by location and department. If Remote Actions are failing, check to make sure that the input parameters for the failing Remote Actions are correct. Note, not all of the Remote Actions require input parameters. In this case, the issue may be with the target devices.

Office worker SCCM traffic

This section gives you an insight into the total network traffic going to your SCCM servers from enrolled devices. In the second widget, you can see the number of enrolled devices experiencing network connectivity issues with your SCCM servers. Connectivity issues to the SCCM servers should be addressed quickly, as this can mean devices are not receiving critical patches or updates depending on your configuration.

Configuration

Categories

  • The “Departments” category should contain a list of all the departments to which remote devices belong.

    • The “SCCM Servers” category should contain a list of servers whose network traffic with enrolled devices you want to monitor.

Score

  • The included “Return to the Office” Score measures various device parameters and combines them to create an overall readiness value, based on the individual leaf score ratings and the combination of these leaf scores into their respective composite scores.
    This score file should be configured, therefore, to match the needs and requirements of your environment. Some leaf scores, such as “Antivirus up to date”, have a binary return of Yes/No, but some, such as “Days since domain device password was updated” have a variable scoring system related to the number of days returned and you may want to change this scoring to match your organization’s security policy.
    To configure the score, simply export the Score as shown below and load it into the Scores Creator tool:

    • The overall device readiness as reported in the dashboard is dependent on the overall value of the “Checklist” composite score. This is based on two other composite scores; “Security Checklist” and “Configuration Checklist”. For a device to be considered ready to return to the office, therefore, all of the underlying leaf scores need to be functioning so that they can contribute towards the overall “Checklist” composite score.
      This threshold for “readiness” is configured by a metric with a value of “7” as shown:

      This threshold can be customized if required, but if any of the parameters measured by the individual leaf scores are not relevant to your organization, they should be removed from the score file so that the composite score calculation functions properly.

ChangeLog

v1.0.0.0 - Initial Release