How To Achieve Device Visibility & Control With Ease
Duo introduced Device Health App in November 2019 with the goal to close the secure access management gap between user identities and endpoints.
Duo Device Health App gives organizations more visibility and control over which desktop and laptop devices are able to access corporate applications based on the security posture of the device. Compliance with corporate device health policy can be enforced each time the user attempts to authenticate.
If the device is compliant the user is allowed through. If not, the health app guides the user through the actions needed to become compliant. For example, if disk encryption is required but not turned on, the app will walk the user through the steps needed to enable FileVault or BitLocker encryption.
We Incorporated Customer Feedback for Enhanced Ease-of-Use
Multiple customers partnered with us as we designed and built the app, giving feedback and helpful suggestions at every step of the way. Over the last year and a half, we have continued to receive customer feedback and act on it. We are pleased to announce the general availability of three new capabilities that make the Device Health app easier to deploy in customers’ environments and more end-user friendly.
1. Gain Visibility in a Frictionless Manner With Reporting Mode
Reporting mode offers a frictionless way to get a sense for the overall security posture of your fleet of desktops and laptops. When deployed in this mode, the Device Health app will simply collect health data and report it back at each authentication when the application is installed on the access device. If the user decides not to install the app, the authentication will proceed without prompting the user for installation or blocking the user’s access.
Simply deploy the app using a system management tool and get immediate visibility.
For example, you might be pretty sure that disk encryption is enabled on all of your users’ devices, but by deploying the Device Health app in reporting mode you can eliminate the risk of blocking users. Once you’re satisfied that your devices are compliant with company standards, then you can confidently enforce the device-based access policy without impact to user productivity or IT helpdesk using the Device Health app.
Visit our documentation page to understand the various Device Health Application policy options.
2. Improve Productivity & Usability By Hiding a Health Check Row
Hide a health check row and reporting mode pair well together, just like peanut butter and chocolate.
Hide a health check row lets you hide one or more of the rows on the home screen of the Device Health app by using your system management tool to modify Windows registry keys or push out a plist file on MacOS. Now the users only see what they can remediate and won’t get stuck trying to fix a problem that they cannot fix.
Let’s say you’ve deployed the Device Health app in reporting mode to all of your desktops and laptops, and one of your users notices that BitLocker isn’t enabled. The app will guide the user through the steps needed to enable it, but what if the user doesn’t have permission to make changes to BitLocker settings? It’s very common for users to not have administrative privileges, and in this case the user would be stuck.
The Endpoints and Authentication Log reports will show that BitLocker isn’t enabled on that device, so that it can be turned on by administrators that have permissions to do so.
Check out this article for detailed instructions on how to hide a health check row.
3. Get Granular Control Using Operating System Specific Device Health Policies
Many organizations today have a mix of Windows and MacOS devices in their IT environment. To ensure appropriate levels of trust across the diverse device platforms, administrators must be able to enforce granular health policies based on the Operating System (OS) of the device. For example, let’s say you wanted to require the firewall to be turned on for systems running MacOS but not for Windows devices. Now, with Device Health app, administrators can enforce distinct policies for MacOS and Windows devices with OS specific device health policies.
At Duo, we work closely with our customers to gather feedback and develop features that solve real world problems. The recently added capabilities make it easier for customers to establish device trust by making it simple to adopt and deploy Device Health app, while minimizing user friction and impact to productivity. We are eager to hear from you on how these additional controls help you improve your security program.
Learn More
Learn how you can use Duo to block access for vulnerable and risky devices
Sign-up for a free trial to test drive Device Health application
Try Duo For Free
See how easy it is to get started with Duo and secure your workforce, from anywhere and on any device with our free 30-day trial.