Portnox AgentP

v. Microsoft Intune


AgentP offers a number of configuration, risk assessment, and compliance enforcement benefits beyond what Microsoft Intune provides out of the box. The only configuration AgentP requires is running the installer and entering your user credentials; everything else is handled for you. That step can even be automated so that the user doesn't need to do anything at all. It's all magically handled by our AgentP. Take an in-depth look at how AgentP stacks up against Intune, and better understand the technical ins and outs of how AgentP ensures 24/7 network protection.

Configuration Advantages

In general, AgentP offers easier configuration than Intune across these key areas:
  • Wireless & wired 802.1x configuration
  • Certificate distribution
  • Certificate renewal
What’s more, defining MDM profiles is solution specific. You must have, and be an expert in, Google Workspace, Intune, Jamf, etc., and every device you wish to connect to your network must be enrolled in one of these solutions. Then you need to define MDM profiles that push the wired/wireless configuration to those devices. On top of your MDM solution, you need enough proficiency in certificate management to understand how SCEP works and configure it properly before certificates can be issued to the devices in your MDM solution(s).

Risk Assessment Policy Advantages

  • Open Ports: Having any of the following ports open for listening constitutes a policy violation.
  • Applications: Specify which applications it is forbidden or mandatory to install on the device. Having a forbidden application, or lacking a required application, constitutes a policy violation.
  • Dormant: A dormant device is one that stops reporting its status, configuration, and installed applications after a configurable number of connection attempts by Portnox.
  • Geolocation: Specify from which countries it is forbidden to connect or specify from which countries it is required to connect.
  • Intune Dormant: The device hasn't reported its configuration to Intune for ‘X’ hours, or its compliance status hasn't been updated for ‘Y’ hours.
  • Not Managed by Intune: The device is not managed by Intune.
  • Windows Registry: Specify registry keys which must be present on the computer.
  • Azure Active Directory Membership: The device must be a member of one of the following Azure Active Directories.
  • Running Services: Specifies which running services are forbidden on the device and specifies which services must be running on the device.
  • Login and Accounts: Specify the login and account conditions that must be met. If not all the selected conditions are met, the risk score specified for this attribute is added to the risk rating.
    • Each user account on the device has a password with a defined expiration date
    • Each user account on the device has a non-blank, strong password
    • The Guest account on the device is disabled
    • Device auto-login is disabled
    • Anonymous device access is disabled on the device
  • Administrator Privileges: Logging in with administrator privileges constitutes a policy violation.
  • Peripheral Devices: Specify which peripheral devices it is forbidden to connect to the device. Having a forbidden peripheral device constitutes a policy violation.
  • Domain Membership: The device must be a member of one of the following Windows LDAP Directory domains.
  • Certificates: The certificates corresponding to the thumbprints listed below must be installed.
  • Missing Patches: Specify how long the system may run without installing pending important or critical patches. Exceeding a specified grace period constitutes a policy violation.
    • Intune handles patch levels only, rather than identifying the specific patches that are missing, and does not allow a grace period to be defined.
  • Windows Update: The configured Windows Update mode must match the mode selected here, with one exception: if the device is configured for Update Automatically, but the mode selected here is Update Manually, this is not considered a policy violation.
    • Update Automatically
    • Update Manually
    • Update by Windows Server Update Services (WSUS)
  • Installation from Unknown Sources: Configuring the device to allow installation of apps from sources other than the Mac App Store constitutes a policy violation.
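To make the risk-scoring model above concrete, here is an added PowerShell example (not Portnox or Intune code) that evaluates a handful of the Windows-side attributes locally and turns the failures into a risk score. The weights, the threshold, the forbidden port and service lists, and the ExampleCorp registry key are assumptions chosen for illustration; the Windows Update mode reader is a deliberately simplified reading of the policy registry values, including the one exception the policy states (an automatically updating device satisfies an Update Manually requirement).

```powershell
# Added example (not Portnox or Intune code): a minimal Windows risk-assessment
# pass in the spirit of the attributes above. Each check returns $true when the
# device complies; the weight of every failed check is added to a risk score and
# the device is compliant while the score stays under a threshold. Weights, the
# forbidden port/service lists and the ExampleCorp registry key are assumptions.

function Get-WindowsUpdateMode {
    # Simplified reading of the Windows Update policy keys (assumption: only the
    # UseWUServer and NoAutoUpdate values are considered).
    $au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $p = Get-ItemProperty -Path $au -ErrorAction SilentlyContinue
    if ($p -and $p.UseWUServer -eq 1) { return 'WSUS' }
    if ($p -and $p.NoAutoUpdate -eq 1) { return 'Manual' }
    return 'Automatic'
}

function Test-WindowsUpdateMode {
    param([ValidateSet('Automatic', 'Manual', 'WSUS')][string]$Required)
    $actual = Get-WindowsUpdateMode
    # The one exception stated in the policy: an automatically updating device
    # satisfies a 'Manual' requirement.
    ($actual -eq $Required) -or ($Required -eq 'Manual' -and $actual -eq 'Automatic')
}

$checks = @(
    @{ Name = 'Guest account disabled'; Weight = 20; Test = {
        $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
        ($null -eq $guest) -or (-not $guest.Enabled)
    } }
    @{ Name = 'Auto-login disabled'; Weight = 30; Test = {
        $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        $v = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).AutoAdminLogon
        [string]$v -ne '1'
    } }
    @{ Name = 'Required registry key present'; Weight = 10; Test = {
        Test-Path 'HKLM:\SOFTWARE\ExampleCorp\Compliance'   # hypothetical key
    } }
    @{ Name = 'Firewall enabled on all profiles'; Weight = 25; Test = {
        -not (Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
    } }
    @{ Name = 'Forbidden service not running'; Weight = 15; Test = {
        $svc = Get-Service -Name 'RemoteRegistry' -ErrorAction SilentlyContinue
        ($null -eq $svc) -or ($svc.Status -ne 'Running')
    } }
    @{ Name = 'No forbidden listening TCP port'; Weight = 25; Test = {
        $forbidden = @(23, 5900)   # constructed list for the example
        -not (Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
              Where-Object { $forbidden -contains $_.LocalPort })
    } }
    @{ Name = 'Windows Update mode'; Weight = 20; Test = { Test-WindowsUpdateMode -Required 'Manual' } }
)

function Get-DeviceRiskScore {
    param([array]$Checks, [int]$Threshold = 50)
    $score = 0
    $findings = foreach ($c in $Checks) {
        # A check that throws (missing cmdlet, access denied) is treated as failed.
        try { $ok = [bool](& $c.Test) } catch { $ok = $false }
        if (-not $ok) { $score += $c.Weight }
        [pscustomobject]@{ Check = $c.Name; Compliant = $ok; Weight = $c.Weight }
    }
    [pscustomobject]@{ Score = $score; Compliant = ($score -lt $Threshold); Findings = $findings }
}

$result = Get-DeviceRiskScore -Checks $checks
$result.Findings | Format-Table -AutoSize
"Risk score: $($result.Score)  Compliant: $($result.Compliant)"
```

Run it from an elevated Windows PowerShell 5.1 prompt; a check that cannot be evaluated counts as a failure rather than a pass, which is the conservative choice for a network-admission decision.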

Automated Remediation Advantages

  • Antivirus Live Update: Portnox CLEAR will perform an antivirus live update upon every device transmission, or at the specified recurring schedule.
    If the installed CLEAR-supported antivirus application is not up-to-date, CLEAR will perform a live update.
  • Antivirus Start: Portnox CLEAR will perform the following immediately upon every device transmission.
    If the installed CLEAR-supported antivirus application is disabled, CLEAR will enable it.
    • Can be prevented using Intune’s tamper protection, but cannot be automatically remediated as AgentP does.
  • Firewall Start: Portnox CLEAR will perform the following immediately upon every device transmission. If the default/built-in firewall is disabled, CLEAR will enable it.
    • Can be prevented using Intune’s tamper protection, but cannot be automatically remediated as AgentP does.
  • Service Daemon Stop: Portnox CLEAR will perform the following immediately upon every device transmission or at the specified recurring schedule.
    If the specified services/daemons are running, CLEAR will stop them.
  • Service Daemon Start: Portnox CLEAR will perform the following immediately upon every device transmission or at the specified recurring schedule.
    If the specified services/daemons are not running, CLEAR will start them.
  • Service Daemon Restart: Portnox CLEAR will perform the following immediately upon every device transmission or at the specified recurring schedule.
    If the specified services/daemons are not running, CLEAR will start them.
  • Process Terminate: Portnox CLEAR will perform the following immediately upon every device transmission. If the specified processes are running, CLEAR will terminate them.
  • Application Removal: Portnox CLEAR will perform the following immediately upon every device transmission or at the specified recurring schedule.
    If the specified applications are installed, CLEAR will remove them.
  • USB Peripheral Disconnect: Portnox CLEAR will perform the following immediately upon every device transmission.
    If the specified USB peripherals are connected to the device, CLEAR will disconnect them.
  • Internet Sharing Disable: Portnox CLEAR will perform the following immediately upon every device transmission. If internet sharing is enabled on the device, CLEAR will disable it.
    • Can be forced through Intune either always or not at all; it cannot be selectively enforced only while the device is accessing the corporate network.
  • Bridging Disable: Portnox CLEAR will perform the following immediately upon every device transmission.
    If bridging is enabled on the device, CLEAR will disable it.
  • Registry Keys: Automatically add required registry keys that are missing, or remove registry keys that are not allowed by the risk assessment policy.
  • Login Script: Portnox CLEAR will perform the following upon every user login.
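The remediation actions above (Firewall Start, Service Daemon Start/Stop, Process Terminate, Registry Keys, Internet Sharing Disable) map onto ordinary Windows administration; the following is an added PowerShell example, not Portnox or Intune code, showing one way to run such a pass locally. The service, process and registry lists are assumptions chosen for illustration, the ExampleCorp registry key is hypothetical, and the function supports -WhatIf so an operator can review what would change before anything is applied.

```powershell
# Added example (not Portnox or Intune code): a remediation pass modelled on the
# actions above, run locally on a Windows device. It supports -WhatIf so an
# operator can review what would change before applying it. The service,
# process and registry lists are assumptions chosen for illustration.

function Invoke-DeviceRemediation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$RequiredServices   = @('WinDefend'),       # Service Daemon Start
        [string[]]$ForbiddenServices  = @('RemoteRegistry'),  # Service Daemon Stop
        [string[]]$ForbiddenProcesses = @('telnet'),          # Process Terminate
        [hashtable]$RequiredRegistry  = @{                    # Registry Keys
            'HKLM:\SOFTWARE\ExampleCorp\Compliance' = @{ Enrolled = 1 }   # hypothetical
        }
    )
    $done = New-Object System.Collections.Generic.List[string]

    # Firewall Start: enable every profile that is not already on.
    foreach ($p in Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }) {
        if ($PSCmdlet.ShouldProcess("firewall profile $($p.Name)", 'Enable')) {
            Set-NetFirewallProfile -Name $p.Name -Enabled True
            $done.Add("Enabled firewall profile $($p.Name)")
        }
    }

    # Service Daemon Start / Stop
    foreach ($name in $RequiredServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -ne 'Running' -and $PSCmdlet.ShouldProcess($name, 'Start service')) {
            Start-Service -Name $name
            $done.Add("Started service $name")
        }
    }
    foreach ($name in $ForbiddenServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running' -and $PSCmdlet.ShouldProcess($name, 'Stop service')) {
            Stop-Service -Name $name -Force
            $done.Add("Stopped service $name")
        }
    }

    # Process Terminate
    foreach ($name in $ForbiddenProcesses) {
        foreach ($proc in Get-Process -Name $name -ErrorAction SilentlyContinue) {
            if ($PSCmdlet.ShouldProcess("$name (PID $($proc.Id))", 'Terminate process')) {
                Stop-Process -Id $proc.Id -Force
                $done.Add("Terminated $name (PID $($proc.Id))")
            }
        }
    }

    # Registry Keys: create missing keys and set missing or incorrect values.
    foreach ($path in $RequiredRegistry.Keys) {
        if (-not (Test-Path $path) -and $PSCmdlet.ShouldProcess($path, 'Create registry key')) {
            New-Item -Path $path -Force | Out-Null
            $done.Add("Created $path")
        }
        foreach ($entry in $RequiredRegistry[$path].GetEnumerator()) {
            $current = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).($entry.Key)
            if ($current -ne $entry.Value -and $PSCmdlet.ShouldProcess("$path\$($entry.Key)", "Set to $($entry.Value)")) {
                New-ItemProperty -Path $path -Name $entry.Key -Value $entry.Value -PropertyType DWord -Force | Out-Null
                $done.Add("Set $path\$($entry.Key) = $($entry.Value)")
            }
        }
    }

    # Internet Sharing Disable: on Windows, ICS runs as the SharedAccess service.
    $ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
    if ($ics -and $ics.Status -eq 'Running' -and $PSCmdlet.ShouldProcess('Internet Connection Sharing', 'Stop and disable')) {
        Stop-Service -Name SharedAccess -Force
        Set-Service -Name SharedAccess -StartupType Disabled
        $done.Add('Disabled Internet Connection Sharing')
    }

    return $done
}

# Review first, then apply (both need an elevated prompt):
Invoke-DeviceRemediation -WhatIf
Invoke-DeviceRemediation
```

Every action goes through ShouldProcess, so the same function serves as an audit report under -WhatIf and as the enforcement step without it; the returned list is what you would forward to a central log so that remediation events stay visible to the SOC.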