When using Microsoft Endpoint Manager, Vanta reads only compliance policies and does not read configuration profiles. The sections below show how to configure compliance policies properly for Vanta.

 

Screenlock

  • The attached compliance policy must contain the following system security settings:

[Screenshot: screen lock system security settings]

  • Note: Maximum minutes of inactivity before password is required must be less than or equal to 1 hour.

 

Hard Disk Encryption

  • The attached compliance policy must contain the system security setting Require encryption of data storage on device.

 

Password Manager

  • In order for Vanta to determine if the workstation has a password manager, it must appear in the Discovered Apps list. Applications appearing only in the Managed Apps list are not detected by Vanta.

 

Antivirus

There are two ways Vanta will recognize that antivirus is installed on the machine:

1. One of our supported antivirus applications is installed on the machine and appears in the Discovered Apps list, as mentioned above.

Or

2. The attached compliance policy requires antivirus to be installed.

 

Troubleshooting

  • Check that settings for antivirus and disk encryption are set in compliance policies and not in configuration profiles.
  • Ensure that any devices that aren't reporting correctly are attached to the correct compliance policy.
  • Ensure that the device is compliant with the compliance policy and/or is not in a "not evaluated" state.
  • If a device is showing under the incorrect user, note that Vanta uses the device's "enrolled by" field to determine the owner. This is due to a limitation of Microsoft's Graph API, which only shows "enrolled by" and not the "primary user."
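
The requirements above can be checked against exported policy data before waiting for a sync. The script below is an added example, not Vanta's or Microsoft's code; it assumes the policies were exported as JSON using the property names of the Microsoft Graph windows10CompliancePolicy resource, and the sample policies and antivirus names are constructed.

```python
# Added example: audits exported Intune compliance policies against the
# requirements on this page. Property names are assumed to match the Graph
# windows10CompliancePolicy resource; all sample data below is constructed.
MAX_IDLE_MINUTES = 60  # "less than or equal to 1 hour"


def audit_policy(policy, discovered_apps=(), supported_av=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    idle = policy.get("passwordMinutesOfInactivityBeforeLock")
    if idle is None:
        findings.append("screenlock: inactivity timeout not configured")
    elif idle > MAX_IDLE_MINUTES:
        findings.append(f"screenlock: timeout {idle} min exceeds {MAX_IDLE_MINUTES}")
    if policy.get("storageRequireEncryption") is not True:
        findings.append("encryption: data storage encryption not required")
    # Antivirus passes on either path: a policy requirement or a supported
    # application present in the Discovered Apps list.
    av_apps = {a.lower() for a in discovered_apps} & {a.lower() for a in supported_av}
    if policy.get("antivirusRequired") is not True and not av_apps:
        findings.append("antivirus: not required by policy, no supported app discovered")
    return findings


def audit_all(policies, discovered_apps=(), supported_av=()):
    """Map each policy's displayName to its list of findings."""
    return {p.get("displayName", "<unnamed>"):
            audit_policy(p, discovered_apps, supported_av) for p in policies}


# Constructed sample policies (not taken from a real tenant).
SAMPLE_POLICIES = [
    {"displayName": "Workstations - baseline",
     "passwordMinutesOfInactivityBeforeLock": 15,
     "storageRequireEncryption": True, "antivirusRequired": True},
    {"displayName": "Workstations - legacy",
     "passwordMinutesOfInactivityBeforeLock": 120,
     "storageRequireEncryption": False, "antivirusRequired": False},
    {"displayName": "Settings left unset"},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_POLICIES).items():
        print(name, "->", findings or "OK")
```

A policy whose settings live only in a configuration profile shows up here the same way as "Settings left unset": every property is missing from the compliance policy, so every check fails.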