cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3705
Views
1
Helpful
6
Replies

Duo Health app security agents

dsbjr
Level 1
Level 1

New user. I need to see a roadmap for the duo health app and when new security agents will be added. If we turn on that blocking then a lot of people will be blocked as the list duo supports for security agents is small. With BYOD and so many devices out there that list NEEDS to be expanded.

Thanks

6 Replies 6

ldubravec
Level 1
Level 1

Hi there @dsbjr , welcome to the Duo community!

Would you mind providing a few more specifics so I can track down some info for you? What blocking are you referring to? Are you referring to the operating systems that Device Health supports? This description of Device Health requirements might help in the meantime.

Thanks!

-Lauren

dsbjr
Level 1
Level 1

From the admin panel, Policies,Edit global policy,Device Health Application - from there it is set to enforcing and require users to have the app and then Block access if an endpoint security agent is not running - We have checked that to block users but the list from DUO is so small it blocks way too many people.

That list is built for enterprise av but with BYOD and so many remote users/devices to support - DUO needs to expand that list. I would love to see a roadmap that shows that is on there. It is needed.

bnail
Cisco Employee
Cisco Employee

Hi @dsbjr — thanks for providing us with more context.

There are currently no new security agents in development for the current quarter. Keep an eye on our Comms for additional news and updates on that front. In the meantime, there are a couple of strategies that you might consider to ensure that your users are able to access your critical applications.

If you are a Duo Beyond customer, you can uncheck the “Block access if endpoint security agent is not running” in the Device Health Application policy settings.

Alternatively, you might consider leveraging a custom policy for the Duo Health Application. You could segment your users into a group with managed devices and a BYOD group. Settings configured and assigned by group policy can override settings assigned by an application policy, which in turn overrides settings in the Global policy.

I hope this information helps!

dsbjr
Level 1
Level 1

We are duo beyond customers. I am sorry but it doesn’t really help. We became customers due to the requirement from our largest client and part owner to do end point analysis and block any remote users that do not have av but we should have checked your list 1st as it is so small it blocks way too many users. You really Need to get security agents/av added to your list.

Dallas

bnail
Cisco Employee
Cisco Employee

I’ll make sure to forward this to the development team.

For anyone reading who is not aware, you can file an official feature request with the Duo Support Team or your Customer Success Manager (if you are a Duo Care customer with a CSM) to have your idea recognized.

Any updates on this? This is a real deal breaker it defeats the purpose of this product. Can it not be set to confirm if any AV solution is installed?

If you have a windows 10/11 machine it will flag immediately if AV is disabled, cant the heath app do this?

An example - I have clients using Trend Micro Worry Free - Your heath application cannot detect this?

Bypassing this feature is not an option and would be impossible to ask BYO users to purchase specific AV products?

Quick Links