Callisto Total Compliance
How to Know What ConfigMgr Doesn't Know
Problem
• ConfigMgr only scans for compliance against the products and classifications you have selected in your SUP setup.
• Selecting all the products is impractical, leads to long scan times and a million-row WSUS updates database.
• Because of this, products can be in use in the environment and no compliance data is ever presented. CVEs related to these products will be left unresolved.
Solution
• Callisto Total Compliance supplements your ConfigMgr compliance data with additional data from Windows Update and Microsoft Update.
• Full visibility of all Microsoft vulnerabilities.
Setup:
Enable Callisto Inventory Extensions (via Callisto Admin Node).
Deploy new inventory classes to all in-scope client systems via ConfigMgr Admin node.
Deploy Callisto Inventory Package to All Systems via ConfigMgr.
Operation:
Callisto Inventory package runs on clients and scans against MU (if possible, falls back to WU if not) and populates Callisto custom inventory classes in client WMI.
Hardware Inventory picks up new inventory during standard HINV process.
Reporting:
New Callisto Microsoft Update dashboard shows compliance information from MU/WU.
MU data includes all products and classifications, also drivers and firmware.
Requirements
You must complete the implementation steps in the Configuration Guide
Once the inventory classes are added and have been deployed to your clients and the inventory script has been run, hardware inventory will pick up the results.
The client devices must have access to the Microsoft Update (preferred) or Windows Update. NB if you disable access to the update settings via policy Callisto will handle that, but if these are blocked at the network level the client script will output failure.