Abandoning deployment if machine is using 4G/5G carrier data plan
Can anyone think of a way to have PDQ *not* deploy to a device if it's using a 4G/5G SIM/dongle or is tethered to a mobile? To make this even harder, to know outside of a VPN to the corporate network when on a mobile network?
While you may be able to check if the active connection is cellular (if direct on the laptop itself), tethered to a mobile device via hotspot methods would present as a WiFi connection to Windows.
What do you do in the case of multiple active connections (i.e. cellular and WiFi)? Will you have to check all, see what is active and confirm the binding order to proceed? Maybe this is not a PDQ issue. Maybe it is a VPN issue. What VPN are you using for these 4G/5G users? Can/should you disallow access to certain internal resources based on the network adapter connected to the VPN?
You could theoretically create a dynamic collection to check if they are on a cellular dongle with something like this. Of course this relies on your scans being pretty recent so you may want to include a scan age condition as well:
Once you have this collection created and populated you could simply add a condition to your PDQ Deploy packages for collection is not member of.
both excellent posts, thanks. I think I'll explore the VPN-origin option more actually as this seems a more surefire way of disallowing PDQ traffic over cellular
Please sign in to leave a comment.