ForeScout NAC Compliance on the Mac

ForeScout (NAC, Network Access Control) Compliance on the Mac

How to install ForeScout, CrowdStrike, and check encryption on Mac.


Requirements

  • Mac OS versions: macOS 12 Monterey and above
  • Access to a Mass General Brigham wifi network (that is not "MGBguest") or VPN

What your Mac needs to be in compliance with NAC:

  1. Enrolled in PEAS
  2. Install ForeScout SecureConnector
  3. Install AntiVirus (CrowdStrike AntiVirus is supplied for free. See below)
  4. Encrypt your Mac

Enrolled in PEAS

To enroll your Mac in PEAS, refer to KB0034657

If you are unsure whether you are enrolled in PEAS, open a Finder window and check your Applications folder for the Self Service application. If Self Service is there, then you are enrolled.

    • For more information on PEAS, visit our PEAS FAQ

Install ForeScout SecureConnector

1. Open Self Service in your Applications folder on your Mac.

 

2. Log in using your MGB User ID and password.

 

3. Click install below the ForeScout SecureConnector icon.

 

Note: To verify that ForeScout SecureConnector is installed you can check for it in your Applications folder.

     


Install CrowdStrike AntiVirus 

1. Open the Self Service in your Applications folder on your Mac.


2. Log in using your MGB User ID and password.

 

 

3. Click on the CrowdStrike icon in self service, then click the Install button below the Crowdstrike icon.

Note: Installing CrowdStrike AntiVirus also installs the PEAS Menu, which gives you information on your PEAS status.

 

 


Encrypt your Mac

Any Mac that is enrolled in PEAS will prompt you for encryption on reboot if you are not encrypted. Depending on your version of the Mac operating system, it will ask when you log out, or log back in.

1. You can determine if you are encrypted by opening System Settings, going to Privacy & Security, and scrolling down to FileVault.

 

 

 

    • When FileVault is set to on, then your computer is encrypted.
    • If FileVault is off, then your computer is not encrypted.

3. If you are enrolled in PEAS, it is recommended that you reboot, and when prompted, click Encrypt. Upon reboot, you will see this window:

 

4. Click Enable Now to begin the encryption process.

Go to KB0030738 in the IS Service Desk

Related articles