Understanding the Duo Desktop Policy Options Additionally, Duo Desktop does not support macOS beta versions or Windows or macOS virtual machines. Windows Server 2022, Windows Server 2019, etc.) or earlier versions of Windows (like Windows 7 or Windows 8.1). See Supported Operating Systems for detailed version and distribution information.ĭuo Desktop does not support Windows Server (i.e. Linux distributions which support Debian or Red Hat packages.Supported endpoint operating systems include: Access devices should support Trusted Platform Module (TPM) 2.0 (Windows) or Secure Enclave (Mac) if you will require device registration.Proxy connections that perform HTTPS inspection or filtering from endpoints are not supported. Linux, macOS, or Windows user endpoints with direct access or HTTP relay proxy connection to Duo Security's service on port 443.Access to the Duo Admin Panel as an administrator with the Owner, Administrator, or Application Manager administrative roles.A Duo Essentials, Duo Advantage or Duo Premier plan subscription.You can limit this risk by enabling device registration. Every authentication is uniquely identified, so a user cannot reasonably impersonate another user’s device information. This means that a bad actor could intercept the Duo authentication prompt and create their own response to Duo's request for device health information and send that response up to Duo servers. Note: While Duo Desktop transmits collected information securely, this information is not uniquely identified. When a user's device doesn't meet the security requirements of the Duo Desktop policy, Duo Desktop provides the user with steps they can take to remediate their security posture to align with the Duo Desktop policy on the application. After installing Duo Desktop, Duo blocks access to applications through the Duo browser-based authentication prompt (when displayed in a browser or in a supported thick client's embedded browser) if the device is unhealthy based on the Duo policy definition and informs the user of the reason for denying the authentication. The first time users log in to an application protected by the web-based Duo Universal Prompt or traditional Duo Prompt with the Duo Desktop policy set to require the app, Duo prompts them to download and install Duo Desktop. Overviewĭuo Desktop, formerly known as Duo Device Health, gives organizations more control over which laptop and desktop devices can access corporate applications based on the security posture of the device or presence of Duo Desktop installed on the endpoint.ĭuo access policies that enforce application access based on device health.Ī native client application for supported Linux, macOS, and Windows clients that checks the security posture of the device when a user authenticates to an application protected by Duo's browser-based prompt with an applied Duo Desktop policy.Īdditional endpoint information provided in the Duo Admin Panel. Duo helps you control access to your applications through the policy system by restricting access when devices do not meet particular security requirements.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |