HERE'S WHY
Having secure devices plays a major role in meeting compliance requirements. We want to support as many Mobile Device Management solutions (MDMs) as possible in addition to providing our agent. This article goes over how to set up Hexnode UEM and bring all of your compliance-related information from Hexnode to Drata.
BEFORE DIVING IN
Make sure that you have admin access to your company’s Hexnode account.
Make sure that the devices you wish to monitor are enrolled through the Hexnode app. For more information on how to enroll Windows devices, please click here.
Currently, only desktop devices are supported for the Hexnode integration. We cannot import data from tablets and mobile devices.
To access BitLocker (for disk encryption policies) and Microsoft Defender (Antivirus) on Hexnode, you must have the Hexnode Ultra plan. For more information on how to use BitLocker in Hexnode, click here.
Windows OS updates cannot currently be checked via policy through Hexnode. You will need to upload evidence manually for this check on Windows devices.
Hexnode does not support a firewall policy for Windows devices. Users can instead configure a Microsoft Defender policy.
Data from pre-approved enrolled devices cannot be synced.
Hexnode cannot natively pick up browser extensions, so if those are being used as a password manager, that compliance check will fail. Your users will need to use the equivalent installed desktop application. Ensure that this app shows on the device's Application List.
At this time, Drata’s device compliance checks using the Hexnode connection confirm the following:
Does the policy of the required name and/or type exist?
Is that policy mapped to the device?
Is that device compliant with that policy?
HERE'S HOW
Policies in Hexnode
Creating policies in Hexnode is necessary for Windows Disk Encryption, Lock Screen, and Antivirus compliance data.
FileVault
Create a policy name and add a description
Note: When naming the FileVault policy, make sure to include “FileVault” in the name so Drata can detect the policy.
Go to the Windows section
In the left navigation bar, scroll down to the security section and select “BitLocker”
Click on “Configure”
Confirm that the “Prompt for device encryption” box is checked.
Click on “Policy Targets” and click “Add Device” to assign the policy to devices you want to configure. After this, click the “Save” button.
Screensaver
Configure a Screensaver policy to ensure a screensaver is active on all devices.
Create a policy name and add a description
Note: When naming the Screensaver policy, make sure to include “Screensaver” in the name so Drata can detect the policy.
Go to the Windows section
In the left navigation bar, scroll down and select “Password” and click on “Configure”
Set the “Auto-lock (in minutes)” option as greater than 0. This corresponds to the number of minutes before the screen automatically locks. For more information, click here.
Click on “Policy Targets” and click “Add Device” to assign the policy to devices you want to configure. After this, click the “Save” button.
Microsoft Defender
Configure Microsoft Defender on all devices.
Create a policy name and add a description
Note: When naming the Microsoft Defender policy, make sure to include “Anti-Virus” in the name so Drata can detect the policy.
Go to the Windows section
In the left navigation bar, scroll down and click on “Microsoft Defender”
Click on “Configure”
Scroll down to the “Windows Defender Security Center”. We recommend selecting the below options. For more information about the options, click here.
Click on “Policy Targets” and click “Add Device” to assign the policy to devices you want to configure. After this, click the “Save” button.
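Before connecting, it can help to walk through the three checks listed earlier (policy with the required name exists, is mapped to the device, device is compliant) against your own policy list. The following is an added example, not Drata or Hexnode code: the inventory structure and device names are constructed, and treating the name requirement as a plain substring match with the article's exact spelling is an assumption.

```python
# Added example. The inventory below is constructed sample data, not a
# Hexnode export or API format; plain substring matching is an assumption.
REQUIRED_KEYWORDS = {
    "disk_encryption": "FileVault",
    "lock_screen": "Screensaver",
    "antivirus": "Anti-Virus",
}

SAMPLE_POLICIES = [
    {"name": "Win FileVault (BitLocker)", "targets": {"LAPTOP-01", "LAPTOP-02"},
     "compliant": {"LAPTOP-01"}},
    {"name": "Screensaver 10 min", "targets": {"LAPTOP-01"},
     "compliant": {"LAPTOP-01"}},
    # Spelled without the hyphen, so the "Anti-Virus" keyword is not present.
    {"name": "Defender Antivirus", "targets": {"LAPTOP-01", "LAPTOP-02"},
     "compliant": {"LAPTOP-01", "LAPTOP-02"}},
]


def evaluate_device(device_id, policies):
    """Apply the three checks in order; return {check: status} for one device."""
    results = {}
    for check, keyword in REQUIRED_KEYWORDS.items():
        named = [p for p in policies if keyword in p["name"]]
        if not named:
            results[check] = "missing_policy"
            continue
        mapped = [p for p in named if device_id in p["targets"]]
        if not mapped:
            results[check] = "not_mapped"
            continue
        ok = any(device_id in p["compliant"] for p in mapped)
        results[check] = "ok" if ok else "not_compliant"
    return results


def failing_checks(device_ids, policies):
    """Return {device: {check: status}} restricted to checks that are not ok."""
    report = {}
    for dev in device_ids:
        bad = {c: s for c, s in evaluate_device(dev, policies).items() if s != "ok"}
        if bad:
            report[dev] = bad
    return report


if __name__ == "__main__":
    for dev, bad in failing_checks(["LAPTOP-01", "LAPTOP-02"], SAMPLE_POLICIES).items():
        print(dev, bad)
```

Each status points at a different fix: rename the policy, add the device under “Policy Targets”, or remediate the device itself.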
Connecting Hexnode to Drata
Log into your Hexnode admin account and click on “Enroll”. Keep note of the “Server” URL. That will be entered as the API URL in Drata during setup.
Click on “Admin”
Scroll down on the left navigation bar and click on “API”
Click the lock icon to reveal the API Key and take note of that key.
Return to Drata and click on your company’s name in the lower left of the blue sidebar. Click “Connections” from the menu.
Scroll down and look for “Hexnode” and click “Connect”
A drawer will extend asking for the API URL and API Token. When entering the API URL from Hexnode, make sure to include “https://” at the front of the URL. Enter the API Key from Hexnode as the Token in Drata.
Once you enter the account details, click “Save & Test Connection” at the bottom.
Next, configure Hexnode in Drata for employee onboarding. Go back to your company name on the left side and click on “Internal Security.”
Turn on “Automated via Hexnode MDM” and switch off “Automated via Drata Agent” to disable the Drata Agent. Note: If both remain on, and the Drata agent is installed on a personnel member’s computer, the Drata agent will take precedence over any MDM. This means employee compliance data related to that device will come from the Agent and not the connected MDM.
Congratulations, your Hexnode Integration setup is complete!
Drata will pull data from Hexnode daily once Autopilot completes running.