Hi All, we’ve recently started to deploy a pilot group of Windows 11 laptops that are built using MS autopilot and managed by Azure Intune. So in short, these are not bound to our on-prem domain.
I am having problems getting authenticated scans with the Intune account we created.
I’m also having a hard time finding any documentation for such.
Has anyone done this successfully? Does this work/not work using Nexpose?
Any information would be greatly appreciated.
Thank you,
JoeC
Hello,
I suggest and advise platform admins to deploy the Insight Agent during the enrollment process, as it makes it easier to conduct authenticated scans of Windows 11 laptops managed by Intune. This approach allows you to automate the packaging and installation of the agent, trying to ensure it is deployed as devices are onboarded. Since Intune-managed devices do not use domain-based credentials but local administrators privileges, the Insight Agent provides a more secure and reliable method to maintain continuous visibility into vulnerabilities without requiring others higher privileges for remote scans. This ensures seamless integration with InsightVM and enables real-time assessments with minimal effort.
Regards,
Hi @Hak, thanks very much for your reply. We are installing the agent during enrollment and understand that the agent will provide solid intel but still we prefer to have the ability to perform manual remote scans at times.
Regards,
Joe
@jcarissimo Thank you for your feedback.
For manual remote scans on Intune endpoints, we never try, the use case plays an important role:
Discovery Scans: These are generally straightforward and can be performed without significant challenges.
Full Authenticated Scans: These can be more complex, particularly on Windows systems. It’s worth testing how this works with Intune-enrolled devices, and the options given by R7, will give a try.
Additionally, correlating assets using Insight Agent UUIDs is a valuable feature that can bridge gaps in scan data in case you didn’t see this feature.
Regards,