Hexnode – Extended Checks for Disk Encryption, Antivirus, and Screen Lock

Overview

Sprinto’s enhanced integration with Hexnode now supports automated monitoring of three additional compliance checks:

• Disk encryption — Verifies that FileVault (macOS) or BitLocker (Windows) is enabled on devices.

• Antivirus — Confirms the presence of antivirus software based on application data from Hexnode APIs.

• Screen lock — Ensures devices automatically lock after a defined period of inactivity.

These improvements allow Sprinto to monitor your organisation’s security posture in real time and reduce the need for manual compliance evidence.

Prerequisites

Before enabling extended checks, ensure that:

• You have admin access to your Hexnode account.

• You can create or edit passcode and encryption policies for macOS and Windows devices.

• You can target policies to the correct set of devices.

Step 1 – Configure Antivirus Check

Sprinto validates antivirus status using the antivirus name retrieved from Hexnode’s list of installed applications via API.

To pass this check:

• Ensure your managed devices have a supported antivirus installed and detected in Hexnode’s application inventory.

Step 2 – Configure Screen Lock (Passcode) Policy

Sprinto checks screen lock compliance based on your passcode policy in Hexnode. The Auto lock setting must be 15 minutes or less.

Create a new passcode policy:

1. In Hexnode, go to Policies → Create a new policy.

2. Add a Policy name and Description.

3. Navigate to macOS → Passcode → Configure.

4. Set Auto lock to 15 minutes or less.

5. Attach the policy to target devices:

   • Go to Policy Targets within the Policies tab.

   • Select Devices → Add devices → Choose the required devices → Click OK.

6. Repeat the above steps for your Windows policy.

Modify an existing passcode policy:

• For macOS:

  1. In Policies, select the existing policy.

  2. Click Manage policy and verify Auto lock is set to 15 minutes or less.

  3. Ensure the policy is attached to the correct devices via Policy Targets → Manage policy → Associate Targets → Select devices → Associate.

• Repeat the same process for the Windows policy.

Step 3 – Configure Disk Encryption Policy

Sprinto verifies disk encryption status using your Hexnode security policies:

• For macOS: Enable FileVault.

• For Windows: Enable BitLocker.

To configure:

1. In your Hexnode policy, go to Security and enable FileVault (Mac) or BitLocker (Windows).

2. Attach the encryption policy to the correct devices via Policy Targets as described in Step 2.

How Sprinto Tracks Compliance

• Disk encryption: Reads FileVault/BitLocker status from Hexnode’s policy compliance reports.

• Antivirus: Detects antivirus from the device’s installed apps list via API.

• Screen lock: Validates Auto lock time from passcode policy settings.

Next Steps

Once configured:

• New Disk Encryption, Antivirus, and Screen Lock monitors will appear in your Staff Devices section in Sprinto.

• Non-compliant devices will be flagged, and remediation tasks will be assigned where applicable.

• Compliance status will update automatically based on Hexnode’s device reports.