Type the major and minor versions, and the build number for the operating system.

The comparison Operator applies to all three values. To specify all versions, enter “greater than or equal to” (>=) as the Operator, and then type the major version number in the Major field and the minor version number in the Minor field. You can also specify the Build and the Patch numbers. For more information, see Using Comparison Operators with Device Profile Attributes.

Type the application name with extensions that EPC should check for in this profile.

Android

Windows

Mac

Linux

ChromeOS

Type the major and minor versions, and the build number for the operating system.

The comparison Operator applies to all three values. To specify all versions, enter “greater than or equal to” (>=) as the Operator, and then type the major version number in the Major field and the minor version number in the Minor field. For more information, see Using Comparison Operators with Device Profile Attributes.

(This attribute is available only if you have Advanced EPC). Select the antimalware programs that EPC should check for in this profile. See Advanced EPC: Extended Lists of Security Programs for more information.

If you don’t have Advanced EPC, or if you don’t see the security programs that your users require, you can still specify programs by adding them to a device profile using another attribute, such as Application or Windows registry entry.

Few Antimalware Program that is used are: McAfee, Sophos, Bitdefender, ESET

Windows

macOS

Linux

Select a Certificate Authority from the drop-down menu in the CA certificate area. (See Importing CA Certificates if the CA you want to use is not listed).

A client device will match this profile as long as the appliance is configured with the root certificate for the CA that issued the client certificate to your users.

Select the certificate store(s) you want searched:

• System store only specifies that only the system store (HKLM\SOFTWARE\Microsoft\SystemCertificates) is searched

• System store and user store specifies that the system store is searched first, followed by the user store (HKCU\Software\Microsoft\SystemCertificates)

• A device profile can contain only one client certificate attribute.

• The system store cannot be searched unless the user has administration privileges on the client device.

• Enable the option “Trust” to trust Intermediate CAs without verifying the entire chain.

Windows

macOS

Apple iOS

Android

Linux

Chrome OS

Type the name of a directory that must be present on the hard disk of the device. Directory names are not case-sensitive.

When creating a device profile for jailbroken iOS devices, be sure to configure a denied EPC zone for the profile and bind this zone to at least one community.

The directory must be accessible to the user logging in. If the directory is not accessible to the user, the End Point Control evaluation will fail.

Windows

macOS

Linux

Apple iOS

Android

Chrome OS

Type the identifier for the device or use variables to define the identifier based on user attributes.

You can choose to allow access to users who do not have any registered devices on the external AD/LDAP server. Typically this would be done to allow a user access until their device identifier can be registered. Whether or not you choose to allow access, all requests for access that come from unregistered devices will be logged in the Unregistered Device Log.

Windows

macOS

Linux

Apple iOS

Android

Chrome OS

Type the name of a file (including its extension and full path) that must be present on the hard disk of the device. File names are not case-sensitive. You can use environment variables (such as %windir% or %userprofile%), or wildcard characters (* and ?).

You can optionally specify a File size or the date and time (GMT) the file was Last modified. Both of these options use a comparison Operator; for more information and examples, see Using Comparison Operators with Device Profile Attributes. The file’s modification date and time can be specified as an Absolute or Relative value.

The device profile can be configured to validate file integrity using an MD5 or SHA-1 hash (valid on all platforms), or use a Windows catalog file to validate Windows system files.

Device profiles that check for the name of the file(s) used by jailbroken or rooted devices include:

• For jailbroken Apple iOS devices, the file name is cydia.

• For rooted Android devices, the file names are /system/bin/su and /system/xbin/su.

If creating a device profile for jailbroken iOS devices or rooted Android devices, be sure to configure a denied EPC zone for each profile and bind each of these zones to at least one community.

The files and directories must be accessible to the user logging in. If the file is not accessible to the user, the End Point Control evaluation will fail.

Windows

macOS

Linux

Apple iOS

Android

Chrome OS

Type the major and minor versions, and the build number for the operating system. For example, enter Major 5, Minor 0, and Build 9A405 for the iOS 5.0.1 build 9A405 version.

The comparison Operator applies to all three values. To specify all versions of 5.0, for example, enter “greater than or equal to” (>=) as the Operator, and then type 5in the Major and 0 in the Minor fields. For more information, see Using Comparison Operators with Device Profile Attributes.

Type the major and minor versions, and the build number for the operating system. Examples of versions for macOS are:

• v11.X

• v10.15

  The comparison Operator applies to all three values. For example, enter “greater than or equal to” (>=) as the Operator, and then type 10 in the Major and 5 in the Minor fields. For more information, see Using Comparison Operators with Device Profile Attributes.

(This attribute is available only if you have Advanced EPC). Select the firewall programs that EPC should check for in this profile. See Advanced EPC: Extended Lists of Security Programs for more information.

If you don’t have Advanced EPC, or if you don’t see the security programs that your users require, you can still specify programs by adding them to a device profile using another attribute, such as Application or File Name.

Few Antimalware Program that is used are: McAfee, ESET , Intego, Open Door Networks

Windows

macOS

Linux

Type the domain name the computer belongs to in NetBIOS syntax (for example, mycompany), without a DNS suffix. Separate multiple entries with a semicolon. The domain can contain wildcard characters (* and ?).

Type the Key name, and optionally enter a Value name and Data, and then select a comparison Operator for the Data field. See Using Comparison Operators with Device Profile Attributes for more information.

Wildcards can be used for the value and data, but not for the key. To enter a special character (such as a wildcard or back slash), you must precede it with a back slash.

Type the major version, minor version, build, and revision number for the operating system. Example major/minor versions, build number, revision number for Windows 10 are:

• Windows 10: 10/0/17134/523

The comparison Operator applies to all three values. For more information, seeUsing Comparison Operators with Device Profile Attributes.

Configure the following options: AAD registered, Compliant, Last Sync, Device Owner, and Encrypted.

By default, this attribute is disabled. To enable, in AMC navigate to User Access > End Point Control > Mobile Device Management Profiles and configure Microsoft Intune settings.

Type the major version, minor version, and build for the operating system. Example major/minor versions, and build number.

• Linux: 5.8.66

The comparison Operator applies to all three values. For more information, seeUsing Comparison Operators with Device Profile Attributes.