We use Sophos to secure our network via VPN, firewall, and Anti-virus.
We need to allow contractors to connect to our network. We have already set policy that the contractor must have Sophos antivirus client installed on their computer (they can spin up a virtual machine if they need to) and we have set policy that all clients must be Windows 7 or higher and they must use the Sophos VPN client to connect.
Question: When a contractor connects via Sophos VPN client, how can we determine that their computer has the antivirus installed and is up-to-date? Also, how about patches?
Note: Contractor computers are NOT domain members. They are stand-alone.