TAC and I are tweaking our OnGuard configuration to provide a better user experience. We use the Persistent Agent. I'd like to provide a grace period for users to install updates before they are quarantined. I've been thinking about setting a time attribute and doing calculations to track how long a user's device is in the "needs updates" state. The link below seems to imply there is an application token "Checkup" state that says "Client is compliant; however, there is an update available. This can be used to proactively remediate to healthy state". How does one utilize the "Checkup" state? On a related note, I'd like to quarantine the device immediately if the application token is "Infected". To this point, we've only used Healthy or Unhealthy. What sets these application tokens and how does one utilize them?
On a related note, we are currently using attributes "Health Check Interval" and "Health Check Quiet Period" to provide a grace period. My feeling is using application tokens above would be a more real-time and a more secure solution. In our test WEBAUTH service, these attributes have been removed.
Thanks,
Robert
https://www.arubanetworks.com/techdocs/ClearPass/6.7/PolicyManager/Content/CPPM_UserGuide/Posture/postureArchandFlow.html shows a