Answered by Mark Hofman, Chief Technology Officer, CyberCX
Posture assessment is a good idea as there are several risks relating to employees using their own devices for work purposes.
Several VPN products will perform a ‘health check’ on the device before an endpoint is allowed to complete a connection to the network. This can be used to enforce a minimum baseline for security such as patching levels and the presence of an up-to-date AV product. If you have this facility available, then I would suggest using it. If you are using O365 and your licensing allows it, then I would suggest onboarding devices (including home devices, assuming the user allows this) to Defender ATP. This will provide you with information on the device, including software installed and any relevant vulnerabilities. You could onboard further to Intune for more active management, even for BYOD devices. However, make sure you have a plan in case users refuse that level of control.