Portnox AgentP: The Case for an Agent-Based Approach to Endpoint Security


So, Why AgentP?

Most organizations already have Microsoft Intune. So the question isn’t whether you have endpoint management — it’s whether what you have is actually enough.

AgentP is Portnox’s lightweight endpoint agent. It doesn’t replace Intune. It fills the gaps Intune wasn’t built to fill: deeper risk assessment, real-time automated remediation, and simpler 802.1x configuration — all without adding IT overhead.

Here’s what that means in practice.

“We already have Intune.”

Good. AgentP works alongside it.

Intune is a strong MDM platform. But MDM compliance policies weren’t designed to enforce network access control in real time. AgentP was. It extends what Intune already does — without requiring you to rip anything out.

Where Intune checks patch levels, AgentP identifies specific missing patches and lets you define a grace period before enforcement kicks in. Where Intune can prevent certain behaviors, AgentP can automatically remediate them — re-enabling a disabled firewall, terminating a forbidden process, disconnecting an unauthorized USB peripheral — on every device transmission, without waiting for a policy refresh cycle.

A few things AgentP assesses that Intune compliance policies don’t cover:

  • Open ports listening on the device
  • Forbidden or required applications
  • Geolocation restrictions (permitted or forbidden countries)
  • Running services that should be stopped — or stopped services that should be running
  • Login and account conditions (password expiration, guest account status, auto-login, anonymous access)
  • Domain membership and Azure AD membership
  • Windows registry keys
  • Whether a device has gone dormant and stopped reporting

The gap isn’t a flaw in Intune. It’s a scope difference. AgentP covers the ground Intune doesn’t.

“We don’t want agents on endpoints.”

Understood. Here’s the honest answer: the deployment overhead is minimal.

Installing AgentP requires running an installer and entering credentials. That’s it. Everything else is handled automatically — and even that step can be fully automated so end users don’t touch anything.

The real question isn’t whether an agent creates overhead. It’s whether the visibility and control you gain outweigh the deployment effort. For organizations that need to enforce network access based on real-time device posture — not a compliance snapshot from hours ago — the answer is consistently yes.

“We don’t trust third-party agents on our devices.”

That’s a reasonable bar to hold vendors to.

AgentP operates with a defined, auditable set of remediation actions. You configure exactly what it can and can’t do. It doesn’t run in the background making arbitrary changes — it acts on the rules you set, triggered by device transmissions or a schedule you control.

The remediations it can perform include:

  • Antivirus: Live update if definitions are out of date; enable if disabled
  • Firewall: Enable if disabled
  • Services/Daemons: Stop, start, or restart specified services on transmission or schedule
  • Processes: Terminate specified running processes
  • Applications: Remove specified installed applications
  • USB Peripherals: Disconnect specified devices
  • Internet Sharing: Disable if enabled (selectively, while on the corporate network — unlike Intune, which enforces this always or not at all)
  • Bridging: Disable if enabled
  • Registry Keys: Add required keys; remove unauthorized keys
  • Login Script: Execute defined actions on every user login

You define the policy. AgentP enforces it. Nothing happens outside those boundaries.

Simpler 802.1x — Without the MDM Expertise

Getting wired and wireless 802.1x configuration right with Intune requires MDM expertise, SCEP proficiency, and a defined MDM profile for every device you want on the network. If you’re managing multiple MDM platforms — Intune, Jamf, Google Workspace — you’re maintaining separate profiles across all of them.

AgentP handles 802.1x configuration, certificate distribution, and certificate renewal without requiring MDM specialization. One installer. One set of credentials. Done.

For organizations with BYOD environments, AgentP also enforces a cleaner separation between corporate-managed devices and personally owned ones — something that’s difficult to achieve cleanly through MDM profiles alone.

The Bottom Line

AgentP isn’t a replacement for what you already have. It’s the layer that makes your existing environment enforceable at the network level — in real time, with automated remediation, and without asking your team to become 802.1x or SCEP experts.

If you’re enforcing access based on device posture, the agent is how you get there.
