Skip navigation
Product & Engineering

The dawn of a simpler, helpful policy experience

Headshot of Andrea Neuhoff, Senior Lead Product Designer
Andrea Neuhoff
3 minute read

A key way to get the most out of Duo and the biggest return on your investment is to use Duo’s policy engine to customize the security experience and provide granular access to applications and resources.

It’s been 10 years since Duo first released its policy engine. Over time, we have added 18 different kinds of policy rules that help keep our customers ahead of new security needs. However, more options meant we needed to improve the administrative experience in a simple, easy-to-understand way.

We’re excited to share that we’ve refreshed the entire policy creation experience, making it easier to use and now providing useful decision-making information as-you-go. Best of all, the new policy editor stays true to the familiar Duo interface. No need to learn a new UI.

Familiar, with quality-of-life upgrades

The general layout of the policy editor should feel familiar, but the new experience makes it easier to find links to documentation, understand which devices will be affected by the policy, and learn of important dependencies.

Duo Policy Editor Create a new policy screen

For every kind of rule you can create, Duo now shows the information you want to know to be confident in your choices. For example, say you want to set up a rule about authorized networks requiring certain IPs to authenticate every time. The new policy editor surfaces a warning about how this will affect other rules in the policy.

Duo policy manager create a new policy

Built-in recommendations

The policy editor now includes recommendations and explanations for each type of rule. You’ll learn what they protect against and what Duo recommends. These sections can be found below configuration.

Duo policies tampered devices

The strength of an authentication method is a key consideration when selecting which methods are allowed. Duo now provides helpful information during the selection process. For example, it’s recommended to only allow phishing-resistant methods for privileged users. These are directly highlighted when setting the policy.

Duo policies recommended authentication methods

Data visualizations add context to impact (coming soon)

We know not everyone is able to easily access or visualize the effect of new policy in their environments—so we’re doing it for you.

The new policy editor now has data about your Duo environment. Each data visualization directly relates to the granular choices you can make when setting policy.

For example, in the operating systems section, you’ll be able to see how many Windows and Mac computers are accessing your protected applications and if they are up to date or out of date.

Duo operating systems data visualization

If you are looking at which authentications to allow, you will be able to see how many users and authentications have used that method in the last 30 days and predict the impact of the policy.

Duo authentication methods data

We’re adding data like this to four kinds of policy initially: user location, operating systems, risk-based factor selection, and authentication methods.

Ultimately, we want to make navigating Duo policy as simple as possible for administrators. We’d love to hear what you think of the data. Which sections would you like to see us build next? And what data do you really need to create the best policy for your business?

Get started with the New Policy Engine today! See a full list of improvements in the policy documentation.