Vanta says my screen lock isn’t enabled… but it is! [Solved]

Participant
4 days ago

We’ve set a 5-minute screen lock policy on all our macOS devices through Hexnode. It works perfectly, and devices lock themselves after inactivity just like they’re supposed to.

But our Vanta compliance dashboard still insists that “Screen lock is not enabled.”

Not sure what we’re missing here. Has anyone run into this before?

Replies (3)

Participant
4 days ago

Hi @aitana

Yep, I’ve seen that behavior.
On macOS, there are two different settings that can trigger a lock:

  1. Auto-lock timeout (which you’ve configured)
  2. Screen Saver that activates and then requires a password

Even if the auto-lock is working perfectly, Vanta compliance tools often look specifically at the Screen Saver configuration to confirm that the lock is enforced. If the Screen Saver isn’t set to kick in and require authentication, the Vanta dashboard may report it as non-compliant even though the device does lock.

Participant
4 days ago

Ahh, that explains it.
So, the device is secure, but the compliance check is watching a different parameter in the Screen Saver rule instead of the auto-lock one.

We were only looking at the lock timer and assumed that was enough. We’ll go ahead and configure the Screen Saver to require a password and tie it to the same inactivity duration.

Thanks @mo-chou, that clears up the confusion.

Participant
4 days ago

Exactly! Think of the screen saver as the “visual” part that steps in before the lock; it’s what compliance checks usually reference.

Once you enable a screen saver and set it to require a password on exit, you’ll cover both sides: actual security and compliance reporting. Easy win for both boxes.
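The check discussed in this thread, as an added example that is not part of the original posts and not Vanta's or Hexnode's code: it audits an exported configuration profile for a screen saver payload that both starts within the 5-minute policy and requires a password. It assumes the compliance tool evaluates the `idleTime`, `askForPassword` and `askForPasswordDelay` keys of the `com.apple.screensaver` payload (the thread does not say which keys Vanta reads); the sample profile and the 5-second delay limit are constructed.

```python
import plistlib

# Constructed sample: a configuration profile with a screen saver payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.screensaver</string>
    <key>idleTime</key><integer>300</integer>
    <key>askForPassword</key><true/>
    <key>askForPasswordDelay</key><integer>0</integer>
  </dict></array>
</dict></plist>"""

MAX_IDLE_SECONDS = 300   # the thread's 5-minute inactivity policy
MAX_DELAY_SECONDS = 5    # assumed grace period before the password is required


def _is_int(value):
    # plistlib returns bool for <true/>/<false/>, and bool is a subclass of int
    return isinstance(value, int) and not isinstance(value, bool)


def audit_screensaver(profile_bytes, max_idle=MAX_IDLE_SECONDS,
                      max_delay=MAX_DELAY_SECONDS):
    """Return a list of findings; an empty list means the lock is enforced."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.screensaver"]
    if not payloads:
        # Auto-lock may still work, but nothing manages the screen saver.
        return ["no com.apple.screensaver payload: screen saver lock is not managed"]
    findings = []
    for p in payloads:
        idle = p.get("idleTime")
        if not _is_int(idle) or idle <= 0:
            findings.append("idleTime missing or 0: screen saver never starts")
        elif idle > max_idle:
            findings.append(f"idleTime {idle}s exceeds the {max_idle}s policy")
        if p.get("askForPassword") is not True:
            findings.append("askForPassword is not true: no password on wake")
        delay = p.get("askForPasswordDelay")
        if not _is_int(delay) or delay > max_delay:
            findings.append(f"askForPasswordDelay {delay!r} missing or over {max_delay}s")
    return findings


if __name__ == "__main__":
    print(audit_screensaver(SAMPLE_PROFILE) or "screen saver lock enforced")
```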
