Bypass mobile security checks

My client has one user who refuses to enable device locking on their personal mobile and therefore Duo won’t install. They’re currently set to bypass until this is resolved. Not an uncommon tale and the friction between a tiny minority and BYOD isn’t something new. You’d think been given the benefit of working from home would buy some good will but clearly not.

We’d still like to use Duo Push instead of bypass. Is there anyway to turn off the mobile security checks for one user? Not ideal in the slightest and I’m making sure my back is covered :slight_smile:

Hey Rob.

You can try this:

  1. Create a new policy that turns off the security check.
  2. Create a new group and add the user to the group.
  3. For the specific Duo application, apply the policy to the group.

I’ve had to do this for specific users and it works well.

Thanks I’ll give that a go.

I’m struggling at the first hurdle :wink: I can’t see anywhere when I create a policy to disable the mobile security check?

Hmm… your screen looks different from mine. What edition of Duo are you on? I’m on Duo Access.

Duo MFA… adding more to get to 20 characters.

Ah, sorry man. It looks like it’s not a feature in Duo MFA.

Enforce device trust policies based on security health of mobile devices (encryption, tampered, screen lock, biometrics)

is for Duo Access and Duo Beyond.

Ohh well. We’ll continue to apply pressure to the one employee to turn screen lock on. Otherwise we’ll be buying them a really crappy mobile just for this :slight_smile:

Could you use SMS, a hardware token, security key, or yubikey for this user? At the very least I prefer using a bypass code instead of putting a user in bypass.

The client applied, err, pressure to the user to enable PIN on their phone.