sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-15 23:16:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename force approval docs to bypass compliance

Browse Source 
- Rename force-approval.mdx to bypass-compliance.mdx
- Update navigation title from "Force Approval" to "Bypass Compliance"
- Update all internal links to use new path
- Update image paths to /bypass-compliance/
- Update terminology in EDR integration docs
This commit is contained in:
mlsmaycon
2026-01-28 12:51:49 +01:00
parent 568fd9d964
commit 307712b661
8 changed files with 165 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/components/NavigationDocs.jsx
View File

@@ -126,7 +126,7 @@ export const docsNavigation = [
{ title: 'Microsoft Intune', href: '/manage/access-control/endpoint-detection-and-response/intune-mdm' },
{ title: 'SentinelOne Singularity', href: '/manage/access-control/endpoint-detection-and-response/sentinelone-edr' },
{ title: 'Huntress', href: '/manage/access-control/endpoint-detection-and-response/huntress-edr' },
{ title: 'Force Approval', href: '/manage/access-control/endpoint-detection-and-response/force-approval' },
{ title: 'Bypass Compliance', href: '/manage/access-control/endpoint-detection-and-response/bypass-compliance' },
]
},
]

158
src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx Normal file
View File

@@ -0,0 +1,158 @@
# Bypass Compliance for Non-Compliant Peers
In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **compliance bypass** mechanism that allows administrators to override compliance rejections on a per-peer basis.
## When to Use Compliance Bypass
Compliance bypass is useful in scenarios such as:
- **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved.
- **Testing and development**: Test devices that may not have EDR agents installed.
- **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access.
- **False positives**: When the EDR platform incorrectly flags a compliant device.
<Note>
Compliance bypass should be used sparingly and only when necessary. It bypasses security controls designed to protect your network.
</Note>
## How Compliance Bypass Works
When you bypass compliance for a peer:
1. The peer immediately gains network access, regardless of its compliance status.
2. The bypass remains active until:
- An administrator manually revokes it, OR
- The device becomes naturally compliant in the EDR system (bypass is automatically removed)
3. All bypass actions are logged in the [Activity Events](/manage/activity-events) for audit purposes.
## Bypass Compliance for a Peer
To bypass compliance for a non-compliant peer:
1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard
2. Locate the peer showing `Non-compliant` status (red badge)
3. Hover over the **Bypass** button to see which integration's compliance check will be bypassed
4. Click the **Bypass** button and confirm the action in the dialog
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypass-button.png" alt="Bypass button" className="imagewrapper-big"/>
</p>
The peer will immediately gain network access and the non-compliant status will be replaced with a green `Bypassed` badge.
## View Bypassed Peers
To see all peers that have compliance bypassed:
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Click the **Bypassed** filter button (shows a count badge with the number of bypassed peers)
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypassed-filter.png" alt="Bypassed filter button" className="imagewrapper-big"/>
</p>
The filter can be combined with connection status filters:
- Click **Online** + **Bypassed** to see only online bypassed peers
- Click **Offline** + **Bypassed** to see only offline bypassed peers
Hovering over the filter buttons shows helpful tooltips:
- **Non-Compliant**: "Peers that failed compliance checks and need attention"
- **Bypassed**: "Peers with compliance checks bypassed by an administrator"
## Revoke Compliance Bypass
To revoke a bypass and return a peer to normal compliance validation:
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Click on the peer with bypassed compliance
3. Click the **Revoke** button next to the "Bypassed" badge
4. Confirm the action
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/revoke-bypass.png" alt="Revoke compliance bypass" className="imagewrapper-big"/>
</p>
Once revoked, the peer will be subject to normal compliance checks. If the device is still non-compliant, it will lose network access and show the `Non-compliant` status again.
## Batch Operations
You can bypass compliance or revoke bypass for multiple peers at once:
### Batch Bypass
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Select multiple peers using the checkboxes (peers must have non-compliant status)
3. In the action bar that appears at the bottom, click the **Bypass Compliance** button (shield icon)
4. Confirm the action in the dialog
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass.png" alt="Batch bypass" className="imagewrapper-big"/>
</p>
The button shows a count of how many selected peers will have compliance bypassed.
### Batch Revoke Bypass
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Select multiple bypassed peers using the checkboxes
3. In the action bar that appears at the bottom, click the **Revoke Compliance Bypass** button (shield-off icon)
4. Confirm the action in the dialog
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass.png" alt="Batch revoke bypass" className="imagewrapper-big"/>
</p>
<Note>
Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can have compliance bypassed or revoked.
</Note>
## Automatic Removal of Bypass
Compliance bypass is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that:
- Devices don't retain unnecessary administrative overrides
- Your security posture improves as devices become compliant
- You don't need to manually clean up bypasses
For example, if you bypass compliance for a peer because its EDR agent was temporarily offline, the bypass will be automatically removed once the agent reconnects and the device passes compliance checks.
## Activity Logging
All compliance bypass actions are recorded in the activity log:
| Event | Description |
|-------|-------------|
| `Peer compliance bypassed by admin` | An administrator bypassed compliance for a peer |
| `Peer compliance bypass revoked` | An administrator or the system removed the bypass |
You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason.
## API Access
Compliance bypass can also be managed via the NetBird API:
```bash
# Bypass compliance for a peer
curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \
-H "Authorization: Token <your-api-token>"
# Revoke compliance bypass
curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \
-H "Authorization: Token <your-api-token>"
# List all bypassed peers
curl -X GET "https://api.netbird.io/api/peers/edr/bypassed" \
-H "Authorization: Token <your-api-token>"
```
## Best Practices
- **Document exceptions**: Keep a record of why each compliance bypass was granted.
- **Review regularly**: Periodically review bypassed peers and revoke bypasses that are no longer needed.
- **Use time-limited access**: Consider revoking bypasses after a defined period.
- **Monitor activity**: Watch for unusual patterns in bypass usage.
- **Prefer compliance**: Always aim to bring devices into compliance rather than relying on bypasses.
<Note>
Compliance bypass requires the `EDR Update` permission. Only users with appropriate roles can bypass compliance or revoke bypasses.
</Note>

2
src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx
View File

@@ -89,4 +89,4 @@ with a `Approval required` mark in the peers list and won't be able to access th
## Managing Exceptions
If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.

157
src/pages/manage/access-control/endpoint-detection-and-response/force-approval.mdx
View File

@@ -1,157 +0,0 @@
# Force Approve EDR-Rejected Peers
In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **force approval** mechanism that allows administrators to override EDR rejections on a per-peer basis.
## When to Use Force Approval
Force approval is useful in scenarios such as:
- **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved.
- **Testing and development**: Test devices that may not have EDR agents installed.
- **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access.
- **False positives**: When the EDR platform incorrectly flags a compliant device.
<Note>
Force approval should be used sparingly and only when necessary. It bypasses security controls designed to protect your network.
</Note>
## How Force Approval Works
When you force approve a peer:
1. The peer immediately gains network access, regardless of its EDR compliance status.
2. The force approval remains active until:
- An administrator manually revokes it, OR
- The device becomes naturally compliant in the EDR system (force approval is automatically removed)
3. All force approval actions are logged in the [Activity Events](/manage/activity-events) for audit purposes.
## Force Approve a Peer
To force approve an EDR-rejected peer:
1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard
2. Locate the peer showing `Approval required` status
3. Click on the peer to open its details
4. Click the **Force Approve** button
5. Confirm the action in the dialog
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/force-approve-button.png" alt="Force approve button" className="imagewrapper-big"/>
</p>
The peer will immediately gain network access and the `Approval required` status will be replaced with a `Force Approved` indicator.
## View Force-Approved Peers
To see all peers that have been force approved:
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Click the **Force Approved** filter button (shows a count badge with the number of force-approved peers)
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/force-approved-filter.png" alt="Force approved filter button" className="imagewrapper-big"/>
</p>
The filter can be combined with connection status filters:
- Click **Online** + **Force Approved** to see only online force-approved peers
- Click **Offline** + **Force Approved** to see only offline force-approved peers
Force-approved peers are visually distinguished from naturally compliant peers with a green "Force Approved" badge, making it easy to track which devices have administrative overrides in place.
## Revoke Force Approval
To revoke a force approval and return a peer to normal EDR validation:
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Click on the force-approved peer
3. Click the **Revoke Force Approval** button
4. Confirm the action
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/revoke-force-approval.png" alt="Revoke force approval" className="imagewrapper-big"/>
</p>
Once revoked, the peer will be subject to normal EDR compliance checks. If the device is still non-compliant, it will lose network access and show `Approval required` status again.
## Batch Operations
You can force approve or revoke force approval for multiple peers at once:
### Batch Force Approve
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Select multiple peers using the checkboxes (peers must have `Approval required` status)
3. In the action bar that appears at the bottom, click the **Force Approve** button (shield icon)
4. Confirm the action in the dialog
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/batch-force-approve.png" alt="Batch force approve" className="imagewrapper-big"/>
</p>
The button shows a count of how many selected peers will be force approved.
### Batch Revoke Force Approval
1. Navigate to the [Peers](https://app.netbird.io/peers) page
2. Select multiple force-approved peers using the checkboxes
3. In the action bar that appears at the bottom, click the **Revoke Force Approval** button (shield-off icon)
4. Confirm the action in the dialog
<p>
<img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/batch-revoke-force-approval.png" alt="Batch revoke force approval" className="imagewrapper-big"/>
</p>
<Note>
Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can be force approved or have their force approval revoked.
</Note>
## Automatic Removal of Force Approval
Force approval is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that:
- Devices don't retain unnecessary administrative overrides
- Your security posture improves as devices become compliant
- You don't need to manually clean up force approvals
For example, if you force approve a peer because its EDR agent was temporarily offline, the force approval will be automatically removed once the agent reconnects and the device passes compliance checks.
## Activity Logging
All force approval actions are recorded in the activity log:
| Event | Description |
|-------|-------------|
| `Peer force approved by admin` | An administrator granted force approval to a peer |
| `Peer force approval revoked` | An administrator or the system removed force approval |
You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason.
## API Access
Force approval can also be managed via the NetBird API:
```bash
# Force approve a peer
curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/force-approve" \
-H "Authorization: Token <your-api-token>"
# Revoke force approval
curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/force-approve" \
-H "Authorization: Token <your-api-token>"
# List all force-approved peers
curl -X GET "https://api.netbird.io/api/peers/edr/force-approved" \
-H "Authorization: Token <your-api-token>"
```
## Best Practices
- **Document exceptions**: Keep a record of why each force approval was granted.
- **Review regularly**: Periodically review force-approved peers and revoke approvals that are no longer needed.
- **Use time-limited access**: Consider revoking force approvals after a defined period.
- **Monitor activity**: Watch for unusual patterns in force approval usage.
- **Prefer compliance**: Always aim to bring devices into compliance rather than relying on force approvals.
<Note>
Force approval requires the `EDR Update` permission. Only users with appropriate roles can force approve or revoke approvals.
</Note>

2
src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx
View File

@@ -92,4 +92,4 @@ Treat the API credentials securely and store them safely. You will need both the
## Managing Exceptions
If you need to grant network access to a peer that fails Huntress compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
If you need to grant network access to a peer that fails Huntress compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.

4
src/pages/manage/access-control/endpoint-detection-and-response/index.mdx
View File

@@ -42,6 +42,6 @@ NetBird integrates with the following EDR platforms:
## Managing Exceptions
In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a force approval mechanism for these scenarios:
In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a compliance bypass mechanism for these scenarios:
* [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval)
* [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance)

2
src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx
View File

@@ -166,4 +166,4 @@ with a `Approval required` mark in the peers list and won't be able to access th
## Managing Exceptions
If you need to grant network access to a peer that fails Intune compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
If you need to grant network access to a peer that fails Intune compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.

2
src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx
View File

@@ -112,5 +112,5 @@ Treat the API token securely and store it safely. You will need both the console
## Managing Exceptions
If you need to grant network access to a peer that fails SentinelOne compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
If you need to grant network access to a peer that fails SentinelOne compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.