Name of the device as defined in Configuration Manager (CM) for Windows computers or Jamf Pro for Macs.

Note: All University-owned computer assets should follow a standard naming convention, with the names all beginning with agreed-upon Unit acronyms. Current Active Directory naming prefixes are available here. (Note that CM requires Active Directory, but Jamf does not.)

• Yes: the device has all its fixed volumes encrypted and inventory has been sent within the last 30 days.
• No: the device does not have all its fixed volumes encrypted (that is, some volumes may be encrypted and others not) and no inventory data has been sent within the last 30 days.

• Yes: a screen lock is enabled and set to trigger at 30 minutes or less and inventory information was sent within the last 30 days.
• No: a screen lock is not enabled or is set to trigger at longer than 30 minutes, or no information about a screen lock was provided, or inventory data was not sent within the last 30 days.

Note: Windows devices must must have screen lock set according to this documentation for CM to accurately inventory the settings: Certified Desktop Windows Screen Lock Compliance. 

*Note: For MacOS screen lock compliance, the judgment is only for: is the screen lock enabled.

Windows: Accurate

MacOS: Inaccurate*

• Yes: Device exists in Jamf or CM and CrashPlan, and has a CrashPlan lastconnecteddate newer than 30 days.
• No: CrashPlan lastconnecteddate value is null or older than 30 days

• Yes:
  • All required Microsoft OS security patches deployed to CM central patching are installed and their inventory information was sent within the last 30 days.  
  • All required MacOS security patches deployed by Apple are installed, and the inventory information was sent within the last 30 days.
• No:
  • Not all required Microsoft OS security patches deployed to CM central patching are installed, or their inventory data was not sent within the last 30 days.
  • Not all required MacOS security patches deployed by Apple are installed, or the inventory information was not sent within the last 30 days.

Note: MacOS versions for which Apple no longer publishes patches (i.e., n-2 versions) and Windows 10 versions for which Microsoft no longer provide updates (refer to Windows 10 Enterprise and Education) will be marked as non-compliant with OS Vendor Patching.

*Note: Windows 11 25H2 and higher do not currently reflect accurate patch status. This is a Microsoft bug and a ticket is open with the vendor on this issue. If the computer is active and enrolled in managed patching with Windows Update Client Policies, it should be getting the latest updates as required.

MacOS: Accurate 

Windows: Inaccurate*

• Yes:
  • Windows: Secteer is installed and has a last inspection date within 7 days.
  • MacOS: all required third-party application patches deployed to central patching are installed, or inventory data was sent within the last 30 days.
• No:
  • Windows: Secteer is not installed or does not have a last inspection date within 7 days.
  • MacOS: not all required third-party application patches deployed to central patching are installed, or inventory data was not sent within the last 30 days.

• Yes: CrowdStrike has provided data and the client has checked in with the CrowdStrike cloud in the last 14 days.
• No: either no data was provided by CrowdStrike, or data was provided but the client has not checked in with the CrowdStrike cloud in the last 14 days.