What are Trusted Devices?

In the context of security, you can view devices in the same way you view people. Based on how much you trust a person, they may be welcome in your home or to meet your family. But if you don’t know or trust someone, you’re probably less likely to let that person have that much access.

The same idea applies to devices. If you’re responsible for the health and security of an organization, you probably don’t want unknown devices accessing your network and resources.

A trusted device is a device you recognize and authorize to access your organization’s resources based on your security and access control measures. A trusted device meets the standards of your ​​device trust solution, such as Duo Desktop, which ensures that only devices that meet specific security criteria are granted access to sensitive networks, data, and applications.

Why are trusted devices so important?

As the number of connected devices continues to grow, so does the pressure on security and IT teams to ensure these devices maintain a healthy security posture. Many organizations have employees, contractors and partners who need network access. Some work in the corporate office while others are remote. There are corporate-owned devices, personal devices (BYOD), even shared devices.

Untrusted devices can be easy targets for breaches. Cybercriminals look to exploit vulnerabilities, from outdated endpoint software to the lack of a system password.

Here are eight key posture checks organizations should perform to attest whether a device qualifies as a trusted device:

• Is the device managed?

• Are the operating system (OS) and browser versions, including patch levels up to date?

• Is the enterprise antivirus (AV) agent installed and running?

• Is the host firewall enabled?

• Is disk encryption turned on?

• Does the device have a password set?

• Is the mobile device rooted or jailbroken?

With a comprehensive security solution like Duo Desktop, you can get detailed data on your devices, including the current operating system, patch status, browser versions, and plugin versions, including Flash and Java.

A trusted devices list includes all devices registered, verified, or authenticated as trusted to access systems, resources, or data.

To build or manage a list of trusted devices with Duo:

Build your trusted device inventory with Duo Desktop

Create and maintain an inventory of trusted devices, their health, and their access activities. Add and remove devices, include a description, set a trust expiration date, and more. Register company-issued managed endpoints and unmanaged contractor-owned, partner, and employee personal devices.

Duo Desktop’s manual enrollment integration feature allows IT administrators to manage devices that are not present in an enterprise device management system, such as ‘bring your own devices’ (BYOD) and contractor owned devices.

Add devices to your Manual Enrollment trusted device inventory by uploading a CSV file containing those device identifiers. This is a good way to add many devices at once. You can switch between manually adding devices to the inventory and CSV uploads at will. Both methods will build upon the same trusted device inventory for a given trusted devices integration.

Manage your device inventory with Duo Device Insight

Duo’s Device Insight inventories every user endpoint and provides data on operating system, platform, browser and plugin versions, including passcode, screen lock, full disk encryption and rooted/jailbroken status. Easily search, filter and export a list of devices by OS, browser and plugin, and refine searches to find out who’s susceptible to the latest iOS or Android vulnerability.

Manage device access with Duo Trusted Endpoints

Because unknown devices pose a security risk, some organizations allow their workforce to only use managed endpoints they’ve provided when accessing network applications and resources. With Duo Trusted Endpoints, you have control over which devices are granted access, and which are blocked based on the policy you create.

Leverage your existing device management solution

For organizations that choose to allow access only from managed devices, Duo supports native integrations with a broad range of leading mobile device management (MDM) solutions. At authentication, the Trusted Endpoints policy checks to see if the endpoint is enrolled in a supported MDM or UEM, or registered with Duo. If it’s not, the device is considered untrusted and can be blocked from accessing browser-based applications.

Not everyone does their work on a desktop or laptop - increasingly, it’s from a mobile phone or tablet. The Duo Mobile app can verify iOS and Android devices as trusted devices, enabling users to securely access Duo-protected apps like email wherever they are.

Whether the access request from the mobile device browser was approved with Duo Push or with a different authentication factor (like an SMS passcode), Duo prompts the user to open Duo Mobile to perform a device health check during authentication.

If the Duo Mobile check determines that the device satisfies your organization's access policies, such as screen lock enabled, updated OS version, or other configured policy requirements, then that mobile device used to access your Duo-protected application is a "trusted device".

A device can be removed from the trusted device list for a number of reasons, such as an outdated OS or browser, or the previously configured trust expiration date has been reached. In such events, admins may take action by blocking non-compliant devices with Endpoint Remediation and notifying users to update devices with Self-Remediation.

Identifying and remediating risky devices helps prevent the spread of malware and potential data breaches.

Endpoint Remediation: Manage out of date devices

When your users’ devices are out of date, they’re more susceptible to exploits that leverage known flaws in software — and when they log into your applications, that means your data is also at risk.

Duo’s Endpoint Remediation lets your admins block access to enterprise applications based on outdated software versions.

Self-Remediation: Notify Users When it’s Time to Update

With Duo Desktop, Self-Remediation, and the Duo Mobile App's Security Checkup, users can take responsibility for the health of their desktop and mobile devices without help from IT. Get notified when it’s time for a software update, block out-of-date devices from accessing company resources, and ease device management demands on IT.

The concept of trusted devices comes with several benefits, especially in the context of security, user convenience, and access control. Here are some key advantages of having trusted devices:

Reduced security risk

Designating devices as trusted helps in reducing the likelihood of unauthorized access. The system can focus on applying stricter security measures to unrecognized or untrusted devices.

Access to secure networks

In enterprise settings, trusted devices may be granted access to secure networks, while unrecognized or untrusted devices may face additional scrutiny or restrictions.

Streamlined access

A trusted device streamlines access, giving your users faster and more secure access. You can allow users to set their trusted devices as remembered devices, which allows a user to log into your organization’s applications using that trusted device without completing two-factor authentication each time for up to 30 days.

Empowered users

Users often have control over managing their trusted devices. They can add or remove devices from the trusted list, giving them a level of control over their account security. With Duo, users can also use Self-Remediation to fix issues when they fall out of trust.

Efficient device management

For organizations or administrators, recognizing and marking devices as trusted facilitates efficient device management. It allows for the enforcement of security policies, updates, and access controls based on the device's status.