Cisco Exam Questions

A Microsoft Windows endpoint is attempting to authenticate to the network.

A Microsoft Windows endpoint is attempting to authenticate to the network. During a posture assessment, Cisco ISE detects that the Automatic Updates feature has not been enabled on the endpoint. The endpoint is otherwise compliant.

Which of the following statements about the endpoint is true?

A. It will be labeled noncompliant, and administrators will be alerted.

B. It will be quarantined and not allowed to authenticate.

C. It will require the user to click a remediation link.

D. It will be automatically configured to enable Automatic Updates.

Explanation:
The Microsoft Windows endpoint will be automatically configured to enable Automatic Updates if a Cisco Identity Services Engine (ISE) posture assessment detects that the feature is not enabled on the endpoint. ISE is a next-generation Authentication, Authorization, and Accounting (AAA) platform with integrated posture assessment, network access control, and client provisioning. The ISE posture assessment feature enables automatic checks of the security posture of endpoints as they try to connect to the network. An endpoint that is compliant with the company’s security posture is compliant with the company’s security policies. Network administrators define the security posture that an endpoint must match before it is allowed to connect to the network.

Cisco ISE is preconfigured with the pr_AutoUpdateCheck_Rule condition, which enables ISE to determine whether the Microsoft Windows Automatic Updates feature has been enabled on a Windows endpoint. Unlike other types of remediations that require action by the endpoint’s user, ISE will automatically enable Automatic Updates on any Windows endpoint that is noncompliant with this rule. If the endpoint is otherwise compliant with the ISE posture assessment, it will then be allowed to authenticate to the network.

To authenticate with the network, an endpoint must achieve a compliant security posture. For example, an endpoint that passes an ISE posture assessment and achieves the status of compliant might then be allowed to use either the Institute of Electrical and Electronics Engineers (IEEE) 802.1X authentication protocol or MAC Address Bypass (MAB) to authenticate to the network at Layer 2 of the Open Systems Interconnection (OSI) networking reference model.

The endpoint will not be labeled noncompliant, it will not be quarantined, and the user will not be required to click a remediation link. In this scenario, the endpoint is compliant with the company’s security posture except for the Microsoft Windows Automatic Updates feature. In ISE, network administrators have the option of providing remediation for noncompliant endpoints. For example, an endpoint that is using an out-of-date authentication client to connect to the network can be supplied with a link to download an updated client. If an endpoint is unable or unwilling to perform remediation, ISE sets the status of the endpoint to noncompliant and quarantines the endpoint’s session. Restarting the posture assessment process is the only way to release an endpoint from its quarantine and noncompliant status.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html#ID898