Device Security: Migration Guide
Twingate is introducing new functionality called Device Security, a granular way of specifying which types of devices can be used to access your Network and protected Resources. With this change, the existing device requirements on your Resource and Network Sign-in Policies have been preserved.
Understanding Security Policies
Existing Security Policies enable you to put restrictions on the devices that can be used to either sign in or access a Resource. Device Security expands on this by allowing more granular device requirements and also requiring device posture checks. We’ve summarized the changes below.
We also strongly encourage you to read the Device Security Guide to gain additional familiarity.
| Existing functionality | New functionality | Comments |
|---|---|---|
| Separate Network Sign In Policy | Device Security Minimum Authentication Requirements | The previous configuration of Network Sign In Policy is now broken out into two requirements, both of which must be met: |
| Trusted Device requirement | Trusted Profile | To include a requirement for a Trusted Device, create a Trusted Profile for the appropriate platforms. These Trusted Profiles can then be included on the Resource Policies. |
| Platform restriction | Policy-level Device Security | To remove specific platforms from a Resource Policy, you can manage the Device Security section on a specific policy. From here, you can select the specific platforms that satisfy that policy by selecting the appropriate Trusted Profiles and Minimum OS Requirements. |
What new capabilities does Device Security include?
Device Security enables more granular controls by allowing Minimum OS Requirements and Trusted Profiles to be configured independently of the Resource Policies. This allows you to specify the combinations that match your organization’s device needs and apply them across multiple policies (as opposed to configuring them individually for each policy).
Additionally, Device Security lets you include device posture checks in policies, increasing security for devices accessing your Twingate Network and protected Resources.
Migration for existing Twingate Networks
We are rolling out Device Security to all existing Twingate Networks from May 23rd through mid-June. The migration process will convert all existing policies and device requirements into the corresponding Device Security configuration.
After migration, the behavior that you and your users experience with Device Security will be identical to the experience you had previously. This section details how your existing configuration will be migrated.
Network Sign In
- If certain platforms are blocked, Minimum OS Requirements are blocked for those platforms.
- If manual trust is required, Trusted Profiles are created for all platforms and Minimum OS Requirements are blocked for all platforms.
- If certain platforms are blocked and manual trust is required, Trusted Profiles are created for platforms that are not blocked and Minimum OS Requirements are disabled for all platforms.
- The default state is that all Minimum OS Requirements are added on each Resource Policy.
- If certain platforms are blocked and Network Sign In requires manual trust, Trusted Profiles that aren’t blocked are added.
- If certain platforms are blocked and Network Sign In doesn’t require manual trust, Minimum OS Requirements are added for platforms that aren’t blocked.
- If Trusted Devices are required, Trusted Profiles are created for all platforms (unless the platform is blocked at Network Sign In) and then added.
- If certain platforms are blocked and manual trust is required, Trusted Profiles are created for platforms that are not blocked on the Resource Policy unless the platform is blocked at Network Sign In.
Please contact us if you have any questions about Device Security, or if you would like recommendations on how to structure your settings most effectively.