Contents
Certificate-based Trusted Endpoint verification reached end-of-life on October 7, 2024. Duo device certificates will no longer renew after October 2024. Migrate existing management integrations to solutions that verify endpoint status with Duo Mobile or Duo Desktop. Learn more about migration options in the Duo Trusted Endpoints Certificate Migration Guide.
Duo's Trusted Endpoints feature secures your sensitive applications by ensuring that only known devices can access Duo protected services. When a user authenticates via the Duo Prompt, we'll check for the access device's management status. You can monitor access to your applications from trusted and untrusted devices, and optionally block access from devices not trusted by your organization.
Trusted Endpoints is part of the Duo Essentials, Duo Advantage, and Duo Premier plans.
End of Life Information
Certificate-based Trusted Endpoint verification reached end-of-life status on October 7, 2024. Duo device certificates will no longer renew after October 2024. New Trusted Endpoints deployments must use a supported Duo Desktop trust integration.
Customers with existing Duo device certificate configurations that used Duo Certifier must migrate to a Duo Desktop solution.
Use of Duo Desktop for trust attestation provides several advantages over the use of device certificates:
- It provides a more accurate assessment of your domain member computers, and removes concerns about long-lived certificates present on devices no longer managed by your organization.
- It extends support to Firefox users. Trusted Endpoint certificate detection only works with Chrome, Edge, Safari, and Internet Explorer (depending on the management system).
- Improves trust detection for web browsers and thick client applications.
See the Duo Trusted Endpoints Certificate Migration Guide for more information.
Troubleshooting
Need some help? Take a look at our Trusted Endpoints Knowledge Base articles or Community discussions. For further assistance, contact Support.