Bypass mobile security checks

robnicholson · ‎04-18-2023

My client has one user who refuses to enable device locking on their personal mobile and therefore Duo won’t install. They’re currently set to bypass until this is resolved. Not an uncommon tale and the friction between a tiny minority and BYOD isn’t something new. You’d think been given the benefit of working from home would buy some good will but clearly not.

We’d still like to use Duo Push instead of bypass. Is there anyway to turn off the mobile security checks for one user? Not ideal in the slightest and I’m making sure my back is covered

KevinSiddique · ‎04-18-2023

Hey Rob.

You can try this:

Create a new policy that turns off the security check.
Create a new group and add the user to the group.
For the specific Duo application, apply the policy to the group.

I’ve had to do this for specific users and it works well.

robnicholson · ‎04-18-2023

Thanks I’ll give that a go.

robnicholson · ‎04-19-2023

I’m struggling at the first hurdle I can’t see anywhere when I create a policy to disable the mobile security check?

KevinSiddique · ‎04-19-2023

Hmm… your screen looks different from mine. What edition of Duo are you on? I’m on Duo Access.

robnicholson · ‎04-19-2023

Duo MFA… adding more to get to 20 characters.

KevinSiddique · ‎04-20-2023

Ah, sorry man. It looks like it’s not a feature in Duo MFA.

Enforce device trust policies based on security health of mobile devices (encryption, tampered, screen lock, biometrics)

is for Duo Access and Duo Beyond.

robnicholson · ‎04-20-2023

Ohh well. We’ll continue to apply pressure to the one employee to turn screen lock on. Otherwise we’ll be buying them a really crappy mobile just for this

KevinSiddique · ‎04-20-2023

Could you use SMS, a hardware token, security key, or yubikey for this user? At the very least I prefer using a bypass code instead of putting a user in bypass.

robnicholson · ‎05-22-2023

The client applied, err, pressure to the user to enable PIN on their phone.