Corporate Laptop on Home Network

I’m trying to configure my policies to make it as easy as possible for my users. I know, security shouldn’t be easy and may defeat the purpose of MFA.
My set up: Cisco Duo, Directory Sync to AD, protecting Google Workspace. We’re a school district.

A user has a district issued laptop. Uses it primarily on the district network, which I have marked as “Trusted Network” in my policy. When they bring the laptop home, I do not want them to have to get the Duo authentication prompt.

Basically I want to be able to “trust” these laptops. Is there a way to do that? Would the Duo Device Health app allow that to happen?

I do not want to enable “remember device”, because I don’t want them to trust their home machines, should they log in to Google on that and get prompted for Duo authentication.

Hi William_Nofi,
Welcome to the Duo community.

Trusted Networks would only work if you were to add the users external home IP to Authorised Networks and ensure it remains static.

Trusted Endpoints with the Device Health App can be used to add an additional layer of security for authentication, but it cannot be used to bypass 2FA based on a Trusted Device. If a malicious actor were to gain access to or control of a Trusted Device, you would not want them to be able to authenticate without 2FA.

Unfortunately with the current implementation of Duo policies it is not possible to create policy dependancies such as enabling Remembered Devices only for an Authorised Network or a Trusted Endpoint. However this is a great idea and I have created a feature request for this functionality to be explored by our teams in the future.

Thanks for helping make Duo better!

In your instance, you can use Remembered Devices and lower the duration to an hour for example to minimise the risk if users were to use this to bypass sequential authentications from a home computer. Or alternatively go with the most secure route of forcing the user to have to authenticate with 2FA repeatedly from both their work and home machines.