ForeScout NAC Compliance on the Mac

ForeScout (NAC, Network Access Control) Compliance on the Mac

How to install ForeScout, CrowdStrike, and check encryption on Mac.


Requirements

  • MacOS: Supported Versions
  • Access to a Mass General Brigham wifi network (that is not "MGBguest") or VPN

What your Mac needs to be in compliance with NAC:

  1. Enrolled in Intune or PEAS
  2. Install ForeScout SecureConnector
  3. Install AntiVirus (CrowdStrike AntiVirus is supplied for free. See below)
  4. Encrypt your Mac

Enrolled in Intune or PEAS

To enroll your Personal Mac into Intune, refer to KB0041620 HOW TO: Enroll Your Personal Mac Into Intune

 

For more information on Intune, visit the Vitals page on Microsoft Intune


Install ForeScout SecureConnector

1. Open Self Service in your Applications folder on your Mac.

 

2. Log in using your MGB User ID and password.

 

3. Click install below the ForeScout SecureConnector icon.

 

Note: To verify that ForeScout SecureConnector is installed you can check for it in your Applications folder.

     


Install CrowdStrike AntiVirus 

1. Open the Self Service in your Applications folder on your Mac.


2. Log in using your MGB User ID and password.

 

 

3. Click on the CrowdStrike icon in self service, then click the Install button below the Crowdstrike icon.

Note: Installing CrowdStrike AntiVirus also installs the PEAS Menu, which gives you information on your PEAS status.

 

 


Encrypt your Mac

Any Mac that is enrolled in PEAS will prompt you for encryption on reboot if you are not encrypted. Depending on your version of the Mac operating system, it will ask when you log out, or log back in.

1. You can determine if you are encrypted by opening System Settings, going to Privacy & Security, and scrolling down to FileVault.

 

 

 

    • When FileVault is set to on, then your computer is encrypted.
    • If FileVault is off, then your computer is not encrypted.

3. If you are enrolled in PEAS, it is recommended that you reboot, and when prompted, click Encrypt. Upon reboot, you will see this window:

 

4. Click Enable Now to begin the encryption process.

Go to KB0030738 in the IS Service Desk

Related articles