Can I whitelist or exempt a device?

Making exceptions is, unfortunately, a normal part of IT and security operations. And while it may be considered a last-resort, there should still be an elegant way of handling it. With this in mind, we’ve created a straightforward policy exemption mechanism for devices.

Additionally, because exempt devices can potentially create security holes in your network, we’ve made it easy to audit exemption events, find exempt devices, and reverse the exemption.

While in an exempt state, devices will respond to the registry API and REST API v2 as if they were compliant. Despite this, all compliance issues will continue to be reported in the device details and API detailed responses.

/*<![CDATA[*/ div.rbtoc1618347068240 {padding: 0px;} div.rbtoc1618347068240 ul {list-style: disc;margin-left: 0px;} div.rbtoc1618347068240 li {margin-left: 0px;padding-left: 0px;} /*]]>*/


Exempting devices from MetaAccess policy

There are 2 options to exempt devices from a policy:

Option 1:

  1. Log into MetaAccess console

  2. Navigate to the Inventory > Devices

  3. Select the devices you would like to exempt

  4. Click Actions > select Exempt

  5. images/download/attachments/7613509/image2021-3-24_13-44-14.png

5. Select a period you would like to exempt then confirm your action with your PIN

images/download/attachments/7613509/image2021-3-24_13-50-32.png

Option 2

The Devices Action API can be used for programmatically managing device exemption state.


Reversing an exemption

  1. Log into MetaAccess console

  2. Navigate to the Inventory > Devices

  3. Select the devices you would like to exempt

  4. Click the Actions >select Unexempt, then confirm with your PIN.

images/download/attachments/7613509/image2021-3-24_13-52-3.png

Filter exempted devices

  1. Log into MetaAccess console

  2. Navigate to the Inventory > Devices

  3. Click Filters

  4. Select "Exempted" under Device Status section, then click Update to apply selected filter criteria

Audit log to track exemptions

MetaAccess allows multiple administrators to manage a single account, so it’s important that administrators can track actions taken by each other. To this point, exemption actions have been added to the Device event log (Logs > Device Events).

Any actions taken to exempt or unexempt a device will appear in this log, along with the name of the logged-in administrator who performed the action. You can also filter exempt/unexempt actions in the log too.

This article was last updated on 2021-03-24
TT