Re: DUO Desktop Health Status to Show all Policy Requirements

DarkLordTyler · ‎07-16-2024

Currently, DUO Desktop will show the status for OS Updates, System Passwords, Encryption, and Firewalls. However, DUO policies allow for the set-up of restrictions tied to Endpoint Protection and Device Trust.

The Desktop Health Check should provide the user with some level of verification against these other settings, even if the check is not explicit. For example, Endpoint Protection generic green check vs. SentinelOne or CrowdStrike specific green check.

This is especially important given the recent issues with The Desktop Agent causing device health to fail trust requirements and thus sign on for users, even when those requirements are in place. Intune Trust being the most recent and still unpatched issue.

This leads to confusion for users and issues for admins because DUO lacks native alerting capabilities around something like Login Failed because of Device Health/Trust issue.

Reporting on indivudal sign-ons in the dashboard is very strong and provides a wealth of information, but it's an extra step for an admin to gather that information and provides no immediate feedback to the user should they be able to self resolve or to provide as context into a support ticket. Streaming to a SIEM/XDR system is possible to gain alerting is not possible for all customers.

DuoKristina · ‎07-19-2024

Thanks for your thoughts on this!

Please contact Duo Support, or your Duo Care success manager (if you have one). They can help you by creating a product feature request with the information you've shared here.

Duo, not DUO.