You can selectively block access to applications that have a Trusted Endpoints policy from individual managed endponts. Role required: Owner, Administrator, User Manager, or Help Desk. See the Policy & Control documentation for more information. Operating Systems: Computer and mobile device platforms.Self-remediation notifications and access controls are available for the following: If you choose to block access to users based on endpoint policy settings, users are unable to complete authentication to access your applications. Users authenticating via the Duo Prompt see notifications about any non-compliant properties of their endpoint. Use the Operating Systems, Browsers, Plugins, Duo Desktop, and Trusted Endpoints policy settings to restrict access and authentication from certain operating systems and versions, inform your users when their web browser or select plugins are out of date, verify the endpoint's security posture, and optionally block access to applications protected with Duo from unmanaged or insecure devices or devices with outdated software. Plan required: Duo Premier or Duo Advantage. Scroll down to the Phones and Endpoints tables to see platform, version, security warnings, trusted endpoint status, and other information about access and authentication endpoint devices associated with that user. Information shown in red indicates a less secure status.Ĭlick the out-of-date link to see the current version of the affected software.Ĭlicking on the username shown in the Endpoints table, or on the user tile on the endpoint's details page, takes you to the properties page for that user. When the endpoint browsers and plugins are up to date, the various details are green. You can view which users have authenticated to Duo using that endpoint, as well as the operating system, browser, plugin, trusted endpoint, and device health information. Endpoint DetailsĬlicking on an endpoint's operating system takes you to that endpoint's details page. Trust certificate information isn't shown when device trust is determined by Duo Mobile or Duo Desktop. When filtering the Endpoints table by certificate expiration, "soon" means that the certificate has reached its renewal window: three days before expiration for 1-week certificates or two weeks before expiration for one year certificates. If Duo can determine when the trust certificate was issued that information is shown along with the other information for that endpoint. "Unknown" status in the Trusted Endpoint column usually indicates that the endpoint hasn't been used to access the application that has the Trusted Endpoints policy yet. The "Trusted Endpoint" column shows the device's trust status: "Yes" if the endpoint passed Duo's managed system check, or "No" if it did not. Checking the Out of date filter option for browsers or plugins shows you all browsers and plugins not at the latest generally available version. For example, checking the boxes next to "Windows ", "10", "Firefox", and "Java" on the left side of the Devices page then displays all PCs running Windows 10 that accessed your application using Firefox with the Java plugin enabled. You can filter the Endpoints list by operating system and version, browser type and version, installed plugins, Trusted Endpoint status, and Trusted Endpoint certificate expiration. Information for a given endpoint is purged after 30 days of inactivity. Duo Premier and Advantage customers can view the Trusted Endpoints management status of a given endpoint from the Endpoints page and deny access to individual managed endpoints from that endpoint's details page.Īuthentications from applications that do not show a web-based Duo prompt, like Duo Authentication for Windows Logon, do not populate the list of endpoints. When users log in to protected apps with the web-based Duo Universal Prompt or traditional Duo Prompt, Duo gathers mobile device and computer operating system platform and versions, browser types and versions, and Java and Flash plugin versions if detected in the browser. Duo Premier and Advantage plan customers see information about the security status of your endpoints accessing your applications and approving application access from the top-level Endpoints tab in the Duo Admin Panel. In Duo, Endpoints are both the laptops, desktops, tablets, mobile phones, and other devices where your end users access Duo-protected applications and services, as well as 2FA Devices, which are the enrolled phones and other mobile devices where users approve Duo authentication requests. Duo's Endpoints analysis shows at a glance the security status of operating systems, browsers, and plugins used when connecting to your Duo protected applications and services.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |