With this option selected, but none of the device health checks options in the policy, having Duo Desktop installed and reporting information to Duo is required for access.Įnd users running devices that can install the app (Linux, macOS 10.15+, and Windows 10 build 1803+) see a link to download the app from the Duo authentication prompt when attempting to access a Duo-protected application associated with the policy if they do not already have the application installed. Require the app: Available in all paid plans. Data will be collected from Duo Desktop if present and running on the machine. End users are not prompted to install Duo Desktop when accessing a Duo-protected application. With this option selected, the policy is not in effect and has no impact on end user access. For each operating system listed, make one of the following selections:ĭon’t require the app (Default): Available in all paid plans. These settings determine which operating systems require Duo Desktop installed for Duo-protected application access. The Duo Desktop policy can apply to Linux endpoints, macOS endpoints, and Windows endpoints - in distinct policies or all three in a single policy.ĭuo Desktop policy options in Duo Essentialsĭuo Desktop policy options in Duo Advantage Require Duo Desktop Understanding the Duo Desktop Policy Options Additionally, Duo Desktop does not support macOS beta versions or Windows or macOS virtual machines. Windows Server 2022, Windows Server 2019, etc.) or earlier versions of Windows (like Windows 7 or Windows 8.1). See Supported Operating Systems for detailed version and distribution information.ĭuo Desktop does not support Windows Server (i.e. Linux distributions which support Debian or Red Hat packages.Supported endpoint operating systems include: Access devices should support Trusted Platform Module (TPM) 2.0 (Windows) or Secure Enclave (Mac) if you will require device registration.Proxy connections that perform HTTPS inspection or filtering from endpoints are not supported. Linux, macOS, or Windows user endpoints with direct access or HTTP relay proxy connection to Duo Security's service on port 443.Access to the Duo Admin Panel as an administrator with the Owner, Administrator, or Application Manager administrative roles.A Duo Essentials, Duo Advantage or Duo Premier plan subscription.You can limit this risk by enabling device registration. Every authentication is uniquely identified, so a user cannot reasonably impersonate another user’s device information. This means that a bad actor could intercept the Duo authentication prompt and create their own response to Duo's request for device health information and send that response up to Duo servers. Note: While Duo Desktop transmits collected information securely, this information is not uniquely identified. When a user's device doesn't meet the security requirements of the Duo Desktop policy, Duo Desktop provides the user with steps they can take to remediate their security posture to align with the Duo Desktop policy on the application. After installing Duo Desktop, Duo blocks access to applications through the Duo browser-based authentication prompt (when displayed in a browser or in a supported thick client's embedded browser) if the device is unhealthy based on the Duo policy definition and informs the user of the reason for denying the authentication. ![]() The first time users log in to an application protected by the web-based Duo Universal Prompt or traditional Duo Prompt with the Duo Desktop policy set to require the app, Duo prompts them to download and install Duo Desktop. Overviewĭuo Desktop, formerly known as Duo Device Health, gives organizations more control over which laptop and desktop devices can access corporate applications based on the security posture of the device or presence of Duo Desktop installed on the endpoint.ĭuo access policies that enforce application access based on device health.Ī native client application for supported Linux, macOS, and Windows clients that checks the security posture of the device when a user authenticates to an application protected by Duo's browser-based prompt with an applied Duo Desktop policy.Īdditional endpoint information provided in the Duo Admin Panel. You may see both names mentioned during this transition. ![]() Policy settings, endpoint information, user interfaces, and logging will reflect the new name in November 2023. ![]() ![]() Duo Desktop is the new name for Duo Device Health.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |