Announcing support for Windows Start Before Logon (SBL)
by Alex Marshall

Announcing support for Windows Start Before Logon (SBL)

Organizations can incur heavy burdens when implementing new security paradigms like Zero Trust. In addition to challenging traditional network perimeter models, Zero Trust models require changes to the way administrators manage both users and their devices, both of which require access to company resources. Windows devices are normally centrally managed by a Domain Controller, which can introduce additional challenges when users work remotely. To that end, we are excited to announce the launch of Twingate support for Windows Start Before Logon (SBL). Twingate SBL overcomes challenges in the on-premise Active Directory model by establishing a secure remote connection before the user logs on, removing headaches for users and admins.

Remain Connected Even Outside the Office

With Windows Start Before Logon (SBL), admins can maintain connectivity between devices outside the office, and the resources users need access to, thus reducing friction for admins who struggle to push group policy object (GPO) updates to a hybrid workforce. Users on Windows devices will be able to establish a secure remote connection from anywhere, allowing them to work comfortably from any location. Additionally, users will be able to update the password for their devices while in roaming status without finding themselves locked out of their corporate network because their device password and domain password are out of sync.

In the current model, Windows admins who manage on-premise Active Directory set group policies to limit functionality, such as allowing or denying specific startup scripts, access to shared drives, and other features. Still, devices must be connected to the organization’s domain controller to receive these updates. As a result, users who roam or work from other locations may not establish a proper remote connection.

Without SBL, a user’s password can end up out of sync with their centrally stored password in Active Directory. By connecting users to their corporate network before login, SBL can authenticate their device against the corporate network domain controller, ensuring it can receive updates, including group policy and password changes. By implementing SBL, admins won’t have to perform as many manual password changes and resets for users who do not follow a traditional work model of accessing their corporate network from inside the office.

SBL is also a critical step in streamlining user and device authentication processes. Twingate enables our customers to move beyond outdated security and networking paradigms, and we are constantly improving how we authenticate access based on device and user information. With SBL, we are talking another step forward to refine our Zero Trust solution and eliminate as many hurdles as possible

Zero Trust Made Easy

Twingate was founded with a mission to make Zero Trust easy for companies of all sizes, and we are thrilled to be able to support our Windows-based clients with a secure solution to authenticate roaming users. The Zero Trust journey involves many different teams: IT, DevOps, end-users, and we’re excited to continue to deliver enterprise-grade services with consumer-grade usability.

Contact Twingate to learn how to support your organization’s hybrid workforce, or subscribe to our free Starter tier to see how individuals and small teams benefit from Zero Trust access.


Featured Articles