Configure risk based on the Intune integration

In this topic, you will learn how to set the Portnox™ Cloud risk policy attributes to assign risk scores based on the Microsoft Intune integration status and compliance.

Before you do the steps in this topic, complete the steps described in the following topic: Integrate with Microsoft Intune.

If you integrated Portnox Cloud with Intune, you can get risk-related information for the policy either from Portnox AgentP, if you installed it on user devices, or from Intune, if the device does not have AgentP installed. If AgentP is installed on the device, the risk information from AgentP has higher priority and Intune-related risk attributes are ignored.

  1. Create a new risk assessment policy or edit an existing risk assessment policy by doing the steps in the following topic: Create or edit a risk assessment policy.
  2. In the AGENTLESS section on the left-hand side, select the operating system whose attributes you want to configure.

    Each policy contains rules for all operating systems. If you do not configure a specific operating system, Portnox Cloud will use default settings for that operating system.

    For a detailed description of the Intune-related attributes, see the section Intune integration risk attributes below.

  3. In the right-hand side pane, configure the attributes for the selected operating system.
  4. Repeat the above steps for other operating systems.
  5. To save your policy settings, click the Save policy button at the bottom right of the page.

Intune integration risk attributes

In this section, you will learn to configure Intune integration risk attributes for different operating systems.

Note: Attributes are listed alphabetically. All attributes are the same for all operating systems.
  • Intune dormant: Portnox Cloud increases the risk score if the agentless device is managed by Microsoft Intune, the device is active and connected to the network, but it’s not connecting to Intune.

    The device will be considered Intune dormant if any of the following are true:

    • Device isn't reporting its configuration to Intune for: the number of hours since the last time the active device connected to Intune and reported its configuration.
    • Compliance status isn't updated for: the number of hours since the last update of the device compliance status in Intune.
  • Intune non-compliant: Portnox Cloud increases the risk score if the agentless device is managed by Microsoft Intune and Intune reports that it is not compliant with the policies configured in Intune.
  • Not managed by Intune: Portnox Cloud increases the risk score if the agentless device is not managed by Microsoft Intune.
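
The following added example (not Portnox or Microsoft code) models the rules described above: AgentP taking priority over Intune, and the "any of the following" test for Intune dormant. Use it to reason about which attributes a device would trigger for given thresholds. The record fields, the sample devices, the 48-hour and 72-hour thresholds, and the independent evaluation of the dormant and non-compliant attributes are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Attribute names come from the page; record fields are hypothetical.
def intune_risk_attributes(device, now, report_hours, compliance_hours):
    """Return the Intune risk attributes that apply to one device.
    The device is assumed to be active and connected to the network."""
    # AgentP risk information has priority; Intune attributes are ignored.
    if device["agentp_installed"]:
        return []
    if not device["intune_managed"]:
        return ["Not managed by Intune"]
    attributes = []
    # Dormant if ANY timer exceeds its configured number of hours.
    # Strict greater-than at the boundary is an assumption.
    stale_report = now - device["last_report"] > timedelta(hours=report_hours)
    stale_status = now - device["compliance_updated"] > timedelta(hours=compliance_hours)
    if stale_report or stale_status:
        attributes.append("Intune dormant")
    if not device["compliant"]:
        attributes.append("Intune non-compliant")
    return attributes

# Constructed sample inventory (not real devices or real Intune output).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

def make_device(agentp, managed, report_h=0, status_h=0, compliant=True):
    return {
        "agentp_installed": agentp,
        "intune_managed": managed,
        "last_report": NOW - timedelta(hours=report_h),
        "compliance_updated": NOW - timedelta(hours=status_h),
        "compliant": compliant,
    }

DEVICES = {
    "laptop-agentp": make_device(True, True, 500, 500, False),
    "phone-byod": make_device(False, False),
    "tablet-stale": make_device(False, True, 60, 10, True),
    "desktop-bad": make_device(False, True, 1, 100, False),
    "laptop-ok": make_device(False, True, 1, 2, True),
}

def evaluate_all(report_hours=48, compliance_hours=72):
    return {name: intune_risk_attributes(dev, NOW, report_hours, compliance_hours)
            for name, dev in DEVICES.items()}

if __name__ == "__main__":
    for name, attrs in evaluate_all().items():
        print(f"{name}: {', '.join(attrs) or 'no Intune risk attributes'}")
```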