I am excited to announce the immediate availability of Mobile Checks and mobile end-user self-remediation for 1Password® Extended Access Management Device Trust customers.
Here’s a quick demo.
The Checks
As part of this release, we are proud to launch the initial set of Checks:
These Checks leverage the same core set of data that is collected from mobile devices each time a user opens the app to authenticate.
The new Checks are not enabled by default for existing customers, but you can enable them right in our Check Catalog.
This initial set provides great functionality to get you started, and more Checks are on the way!
Self-Remediation
In addition to shipping new Checks, we’ve updated our Kolide Mobile App to version 8. This version allows end-users to self-remediate any issues directly from the mobile application.
When users attempt to authenticate with a device that’s not in a good state, they will be asked to launch the mobile app to fix issues. After fixing the issues, they can try to authenticate again or simply swipe back to their web browser to complete the authentication process.
Just like on their desktop, users can now fix issues during authentication.
In addition to fixing issues during authentication, end-users can also launch the Kolide Mobile App directly from their phone to review their devices, including any failing Checks. Just like before, the fix instructions are available right there inside the app.
Users can launch the Kolide Mobile App (which can be associated with more than one organization) and review and fix issues.
Like Checks that run on desktop devices, users will only be asked to fix issues that are set to “notify only,” “warn then block,” or “block immediately.” Admins can also configure checks to “report only,” which will not notify users of the issue.
Also, just like with our other Checks, you can customize the remediation and fix instructions for any Mobile Check.
Customize the fix instructions for any Mobile Check with full markdown support. You can even add links to preference panes to make it easier for your users to complete the steps.
MDM Enrollment Verification
One critical Check is the ability to verify that a mobile device is enrolled in a Mobile Device Management (MDM) provider. To enable this, we’ve added a new feature called Device Management Providers.
This feature allows you to specify one or more MDM providers associated with your organization. For each MDM provider you add, we will generate a secret key. Once you have the key, simply use your MDM to distribute the Kolide app to your managed mobile devices, with the key as part of the configuration.
When the Kolide app starts up on a user’s phone, it will look for this key. If it matches the MDM in your account, we know that phone must be enrolled in the MDM!
If your mobile device is enrolled in an MDM, Kolide will report the name right on the device’s summary page.
More importantly, you can use this ability to ensure only mobile devices that are enrolled in your MDM are allowed to register and authenticate to Kolide. Just like with desktop devices, you can set the corresponding Check right in the Device Registration configuration page.
A screenshot from our docs that shows how to add MDM as a registration requirement.
Of course, just like any Check, you can ensure that not only is the device enrolled in an MDM at registration time, but you can also make sure it stays that way by blocking a device from future authentications if it ever un-enrolls. To get that capability, you just need to set the Check’s device trust settings to block immediately. For more information on this feature, check out our documentation.
With the launch of Mobile Checks and self-remediation, we’re excited to bring even more flexibility and control to 1Password Extended Access Management customers. These new features help ensure that only secure, managed devices are able to authenticate, while empowering end-users to fix any issues directly from their mobile devices.
We can’t wait for you to start using these new tools to strengthen your device security posture.
Jason Meller
VP, Product Management
Tweet about this post