Our department has a thousand Microsoft Windows 7 laptops roaming outside the agency. They access the company via VPN. Many of these users are V.I.P. customers who log in only every several months or more.
We currently have a security policy in place that disables systems that have not communicated back within 30 days. Also, we rely on making sure all systems in the domain are patched and up-to-date to pass our accreditation.
My question is this:
What would you suggest as a solution to this problem? The requirement here is that we must pass our security standards and stay up to date on patches while still maintaining connectivity and access to our paying V.I.P. customers.