What is a Device Health App?

In the context of digital devices, being "healthy" implies that a device is in good operational condition. This includes aspects such as proper (operating system) function, security, and adherence to best practices.

In the physical world, you always try to avoid bringing illnesses —like a virus — into your home, to prevent everyone you live with from getting sick. Similarly, you should work hard to avoid bringing unhealthy or unknown devices into your organization to prevent those potentially unhealthy devices from negatively impacting the rest of your network.

Device health encompasses a range of factors related to the security, integrity, and functionality of a device. Device health requires regular monitoring and maintenance activities to ensure that devices remain in a healthy state and are less susceptible to security threats.

As the number of connected devices continues to grow, so does the pressure on security and IT teams to ensure these devices have a healthy security posture. One tool that can help is Duo Desktop, formerly known as Duo Device Health. A lightweight client application for macOS, Windows and Linux clients, Duo Desktop provides the controls organizations need to create custom access policies that allow or block connections to applications based on device health. It’s part of a more extensive Duo Trusted Endpoints methodology that also considers whether a device is managed or unmanaged.

For a device to be considered healthy, it means that the device is in a good and secure operational state, and it meets certain criteria related to performance, security, and overall functionality.

Establishing the health and trust of each endpoint before it’s granted access to apps and data on your network is an essential part of a strong access security policy. Here are eight key posture checks organizations should ask when assessing device health:

• Is the device running the latest OS version including patches?

• Is the device’s browser up to date?

• If there are plug-ins, are they the latest version?

• Is a system password in place?

• Does the device have an encrypted drive?

• Is the host firewall enabled?

• Is the device running an endpoint security agent?

• Is it a corporate-issued managed device or an unmanaged BYO device?

Duo Desktop gives organizations granular control over which devices can access corporate applications based on the security posture of the device or presence of Duo Desktop installed on the endpoint. Duo Desktop can also check device health and security posture of macOS, Windows, and Linux devices at every login.

Duo Desktop is an application installed on the client desktop or laptop PC that performs device health checks whenever you access Duo protected applications through the browser-based Duo Universal Prompt or traditional Duo Prompt Ensuring the device meets organizational security requirements and is less vulnerable to compromise and helps protect corporate data.

Duo Desktop’s lightweight agent has no impact on system or app performance, cannot access personal files, and doesn’t manipulate local device settings.

Duo Desktop supports the following platforms:

• Linux distributions which support Debian or Red Hat packages.

• macOS 10.15 and later.

• Windows 10 and 11 client editions, including Enterprise, Pro, and Home.

When your users’ devices are out of date, they’re more susceptible to exploits that leverage known flaws in software — and when they log into your applications, that means your data is also at risk.

Duo has a number of features that help you check, remediate, and mitigate device health.

Duo Desktop
Duo Desktop provides the controls organizations need to create custom access policies that allow or block connections to applications based on device health. It’s part of a more extensive Duo Trusted Endpoints methodology that also considers whether a device is managed or unmanaged.

When assessing device health, Duo Desktop collects information from each endpoint at the time of authentication and checks it against the access policy. This includes:

• Operating system version

• Password status

• Disk encryption status

• Host firewall status

If every checked item complies with the organization’s security policy, access is granted. If one or more elements fail the compliance check, access is blocked.

Duo Device Insight
To give you actionable data, Duo's Device Insight collects information about your users’ devices as they authenticate into your applications and systems, creating an inventory of out-of-date, unpatched, jailbroken, rooted, unencrypted, or otherwise unsafe machines exist in the environment.

Easily search, filter and export a list of devices by OS, browser and plugin, and refine searches to find out which devices are susceptible to the latest iOS or Android vulnerabilities.

Duo Trust Monitor
Duo Trust Monitor takes trust a step further by continuously analyzing authentication data, so that you can spot anomalous logins due to changes in device health, security policies, and user behavior.

Duo Endpoint Remediation
Duo’s Endpoint Remediation lets your admins block access to enterprise applications based on outdated software versions, while Self-Remediation warns your users that they're using outdated software and gives them the option to update their own devices.

Logs and Reports
Duo provides insight into every device that's accessing your information — whether it's a personal device or corporate-owned. You can access that information easily and at any time with extensive user and device reports, available through Duo’s Admin Panel.

Duo analyzes what’s running on all of your users’ devices — managed or unmanaged, and without the use of an agent. With this data at your fingertips in an actionable device health report, you’ll be able to see:

• An analysis of your users’ devices, including current device OS, browsers, and Java versions.

• Security health trends of all devices accessing your business applications, including which devices are outdated or need to be updated by end users.

• The latest security events that may result in outdated devices, including a new browser or plugin update released by a software vendor.

A device health app ensures laptops and desktops are in a healthy state by enforcing corporate device health policies, blocking non-compliant devices at the time of authentication, and empowering users with self-remediation to bring devices back into compliance with security policies—and no need to contact IT.

Duo Desktop verifies the health and security of your endpoint devices at every authentication before granting access to the Duo-protected applications and resources your workforce needs.

Duo Desktop offers comprehensive security posture checks which include:

• Operating system version and updates

• Firewall status

• Device encryption status

• Presence of system password

• Antivirus agent status (Duo Premier edition)

With Duo Desktop, Self-Remediation, and the Duo Mobile App's Security Checkup, users can take responsibility for the health of their desktop and mobile devices without help from IT. Get notified when it’s time for a software update, block out-of-date devices from accessing company resources, and ease device management demands on IT.