|

Sudo Talks Dec 24 Q&A

ByBen Greiner

Exploring Addigy’s Latest Compliance Features
Welcome to our December edition of Sudo Talk Q&A! In this session, we address some of the most frequent and intriguing questions posed by our attendees. From macOS compliance benchmarks to Virtual Machine (VM) testing, this roundup dives into the nuances of Apple device management using Addigy.

Configuring Login Window Messages

  • Question: How do I write a custom message in the Login Window? It seems like it gets marked non-compliant if we use a message other than the standard one.
  • Answer: While you can’t modify pre-built benchmark rules directly, you can create custom rules to check for your specific message and stack them on top of the prebuilt benchmark.

Using Virtual Machines for Testing

  • Question: Please share recommendations on using VMs for testing.
  • Answer: We use VirtualBuddy internally. Build a base OS, duplicate it as needed, and enroll in MDM. This approach lets you use the base OS like a snapshot, rolling out a fresh OS quickly for testing. For Intel-based chips, we recommend Parallels Desktop for Mac.

Compliance Profiles and Benchmarks

  • Question: What’s the difference between Level-1 and Enterprise profiles?
  • Answer: Enterprise profiles are for iOS and include fewer rules than macOS benchmarks.
  • Question: Can I apply multiple CIS benchmarks to a single policy? For example, what if I apply a macOS 15 benchmark to a Mac running macOS 14?
  • Answer: Yes! Assigning multiple benchmarks is recommended, as it ensures devices transitioning to newer OS versions immediately adopt the appropriate compliance rules.
  • Question: What happens if some settings are already defined in another MDM profile?
  • Answer: There won’t be any conflicts. Apple’s MDM profile system prioritizes the most restrictive settings.
  • Question: If I apply a benchmark and then unassign it, what happens to the settings?
  • Answer: Profiles will be removed, and settings will be reverted. However, changes made by scripts will remain and need to be manually reverted or handled through another script.

Notifications and Updates

  • Question: Are there notifications for changes to cloned compliance benchmarks?
  • Answer: We notify users through status.addigy.com. We’re also working on improving opt-in update workflows for cloned benchmarks.
  • Question: When will end-user impact visibility for rules be available in the GUI?
  • Answer: You can currently view this information by clicking “Rule Description”. We’re working on a way to make it more prominent when assigning benchmarks.

Industry-Specific Compliance Standards

  • Question: What’s the difference between NIST, CIS, DISA, and CMMC?
  • Answer: Here is a very high-level summary:
    • CIS: A general standard for most organizations as a baseline for security and compliance.
    • NIST: Designed for high-security organizations like finance and healthcare.
  • DISA/CMMC: Used for Department of Defense (DoD) and contractor-specific compliance needs.

Addressing Popups and Permissions

  • Question: Users report popups saying, “auditor wants to access data from other apps” after deploying CIS-1. How do I fix this?
  • Answer: This issue should not occur when deploying Addigy MDM alongside compliance benchmarks. Addigy automatically pushes down the required PPPC profiles. If this persists, please open a support ticket.

Testing Addigy Compliance

  • Question: When I clone a compliance benchmark, will my rules update if Addigy updates the parent policy?
  • Answer: Yes, updates to pre-built benchmarks propagate to cloned rules once a new revision is released.
  • Question: Can I mix monitoring and remediation rules in a compliance policy?
  • Answer: Absolutely. Start with monitoring rules and gradually add remediation benchmarks on top.

Summary

Whether you’re tweaking your compliance policies, managing VMs for testing, or aligning with industry standards, these answers should help you get the most out of Addigy. Got more questions? Let us know by reaching out to [email protected].

Addigy customers can contact their Customer Success Manager for further guidance. If you’re new to Addigy, we invite you to Schedule a Demo or start a Free Trial.

Register for our next SudoTalk session in January!

Similar Posts