Hi MalwareTips! How can an end-user computer be checked for endpoint security compliance before it accesses any network resources? e.g. antivirus software is present before the user can access a file server or internal web application?
What a great question. The topic of compliance is almost never discussed, let alone getting into the "How-Tos."
In an enterprise setting, compliance is crafted and verified with various software such as Microsoft Endpoint Manager or a combination of applications created to ensure compliance such as Microsoft Security Compliance Manager\Toolkit. There are compliance methods and procedures for Active Directory, Azure, Microsoft 365 (enterprise). Then there are non-Microsoft equivalents to such compliance methods and software. They are under the category of Compliance Information Management Systems.
In the home consumer market, compliance can be as simple as verifying that Microsoft Defender is running via the Microsoft Account portal for all devices using that Microsoft Account.
The standards of compliance come from various sources such as Microsoft itself, NIST, ISO, DoD, NSA, MITRE, CIS, custom internal compliance standards, and so on. Each will have its own controls and benchmarks.
It is a vast subject that that is fundamentally more important than what security solution that you use. Much more effort should be provided into how-to comply and protect than "OK, use this softwares because it is popular. You are protected."
