Available Now: Duo Device Health App Extends Security Checks for Desktops and Laptops
We are happy to announce the availability of the new Duo Device Health application. It gives organizations more control over which laptop and desktop computers can access corporate applications based on device security, enforcing compliance each time a user attempts to authenticate. It provides a seamless end user experience when the device is healthy, and guides end users to take specific steps to remediate their device if it isn’t.
Duo’s existing device access policies provide access control and insight of laptop and desktop devices based on OS and browser version as well as plugin.
Duo Device Health application gives you the option to extend endpoint control and visibility beyond what is possible today.
For more product details, see previous blog post here.
Why it is Different
There are several approaches for checking device health, so let’s take a closer look at why the Device Health application is different from other capabilities currently available in the market.
It works at the application layer. Duo Device Health application is integrated into the Duo authentication path and protects applications that end users access via the Duo web prompt for two-factor authentication. It works for both cloud/SaaS and on-premise applications.
It does this by:
- Checking device health every time the user authenticates to an application
- Providing granular, application-level access control
- Enforcing compliance at the time of authentication
- Working with corporate cloud/SaaS and on-premise applications
It respects end user privacy. Many of our customers told us they had challenges getting end users to enroll their BYO (bring your own) devices in traditional device management systems because they did not want to give the organization administrative control. They didn’t want to enroll their device in a system that could change the configuration of their device without their consent.
As a result, we designed the Device Health application to provide end users with autonomy and sense of ownership of their devices (especially non-employees, temporary workers, contractors and other users with BYOD) by:
- Ensuring that there would be no forced configuration changes or data destruction on the device
- Collecting a limited amount of data from the device client application
- Allowing the end user to easily uninstall the client application
- Providing clearly stated information within the client application describing what the application can and cannot do
It isn’t limited to specific device and identity management solutions. We recognize that you have many choices for managing devices and user identities. So Device Health application works for any mix of BYO and corporate-owned devices by:
- Not requiring enrollment in a specific device management solution
- Providing insight to both BYO and corporate-owned devices
- Enabling broad application coverage regardless of identity provider
Our customers were closely involved throughout the product development journey. From the earliest discovery conversations and user research sessions, our customers played a critical role in bringing this product to market. Our customers partnering with us early in the process to help us build a deep understanding of the problems they faced and provide essential feedback on potential solutions long before we started developing software.
We’ve had very strong interest from customers during the beta period leading up to the release with over 40 customers participating. We recently hosted a heavily-attended customer webinar recorded here where we provided a more in-depth overview of the product.
We’re very grateful to those of you who joined us on this product discovery journey so I want to thank you.
How to Get Access
Duo Access Edition now includes the base set of native operating system (OS) level health checks in the Duo Access Edition including native Windows/macOS disk encryption, firewall, password enabled and patch-level enforcement. Additional 3rd party health checks, such as endpoint agent verification are included in Duo Beyond Edition.
If you are an Access or Beyond Edition customer, you can now access the product. Simply log into the Duo Admin UI, scroll to the Policies section, and select and enable the new Duo Health application policy.
For more details please see our admin guide here.
The product is available and that’s a huge milestone, but we’re just getting started and excited about what’s coming next. For starters, we will soon be adding support for endpoint security agent verification, which requires a device to have an anti-malware/antivirus product installed prior to gaining access. To learn more please contact your account representative.