# Extended Checks for Disk Encryption, Antivirus, and Screen Lock ### **Overview** Sprinto’s enhanced integration with **Hexnode** now supports automated monitoring of three additional compliance checks: * **Disk encryption** — Verifies that FileVault (macOS) or BitLocker (Windows) is enabled on devices. * **Antivirus** — Confirms the presence of antivirus software based on application data from Hexnode APIs. * **Screen lock** — Ensures devices automatically lock after a defined period of inactivity. These improvements allow Sprinto to monitor your organisation’s security posture in real time and reduce the need for manual compliance evidence. *** ### **Prerequisites** Before enabling extended checks, ensure that: * You have admin access to your Hexnode account. * You can create or edit passcode and encryption policies for macOS and Windows devices. * You can target policies to the correct set of devices. *** ### **Step 1 – Configure Antivirus Check** Sprinto validates antivirus status using the **antivirus name** retrieved from Hexnode’s list of installed applications via API. To pass this check: * Ensure your managed devices have a supported antivirus installed and detected in Hexnode’s application inventory. *** ### **Step 2 – Configure Screen Lock (Passcode) Policy** Sprinto checks screen lock compliance based on your **passcode policy** in Hexnode. The **Auto lock** setting must be **15 minutes or less**. #### **Create a new passcode policy:** 1. In Hexnode, go to **Policies** → **Create a new policy**. 2. Add a **Policy name** and **Description**. 3. Navigate to **macOS** → **Passcode** → **Configure**. 4. Set **Auto lock** to **15 minutes or less**. 5. Attach the policy to target devices: * Go to **Policy Targets** within the **Policies** tab. * Select **Devices** → **Add devices** → Choose the required devices → Click **OK**. 6. Repeat the above steps for your **Windows policy**. #### **Modify an existing passcode policy:** * **For macOS:** 1. In **Policies**, select the existing policy. 2. Click **Manage policy** and verify **Auto lock** is set to **15 minutes or less**. 3. Ensure the policy is attached to the correct devices via **Policy Targets** → **Manage policy** → **Associate Targets** → Select devices → **Associate**. * Repeat the same process for the **Windows policy**. *** ### **Step 3 – Configure Disk Encryption Policy** Sprinto verifies disk encryption status using your Hexnode **security** policies: * **For macOS:** Enable **FileVault**. * **For Windows:** Enable **BitLocker**. To configure: 1. In your Hexnode policy, go to **Security** and enable FileVault (Mac) or BitLocker (Windows). 2. Attach the encryption policy to the correct devices via **Policy Targets** as described in Step 2. *** ### **How Sprinto Tracks Compliance** * **Disk encryption:** Reads FileVault/BitLocker status from Hexnode’s policy compliance reports. * **Antivirus:** Detects antivirus from the device’s installed apps list via API. * **Screen lock:** Validates Auto lock time from passcode policy settings. *** ### **Next Steps** Once configured: * New **Disk Encryption**, **Antivirus**, and **Screen Lock** monitors will appear in your **Staff Devices** section in Sprinto. * Non-compliant devices will be flagged, and remediation tasks will be assigned where applicable. * Compliance status will update automatically based on Hexnode’s device reports.