I got a request from my customer that want to detect non-corporate network via another wired interface while authenticated. Would like to know what kind of windows registry will show if the endpoint currently connected with multiple network? or is there any other solution for this scenario?
This has not been tested but I would setup regmon on the endpoint and see what changes occur when the other NIC is connected. Perhaps with that information you could setup a Registry Host Check on the IC to detect the addition of these other keys and then act on them.