Policy to disable offline enrollment for select "shared" devices?

nacho3 · ‎07-10-2019

Hello,

We support quite a few laptops which are installed in public safety vehicles.

Since these devices are shared by numerous officers we’d like to prevent the automatic enrollment prompt for offline access while enforcing this requirement for all other “non-shared” laptops.

We understand that one can simply click on the “X” to close the prompt during logon, but the prompt returns the next time the officer attempts a login.

If this setting could be added via the GPO templates, that would be a super-easy way to deploy this unique configuration.

Thanks for your help!

mkorovesisduo · ‎07-11-2019

Hey Nacho,

To accomplish what you’re after now, you could consider creating two Duo for Windows Logon/RDP applications to push out via GPO: one for the shared devices you reference and one for non-shared laptops.

On the properties page for your “shared devices” Duo for Windows Logon/RDP application, disable offline access. On the properties page for your “non-shared devices” application, enable offline access. Then deploy these applications to the appropriate workstations.

We’re planning to add this to our GPO template pretty soon. Keep any eye on this space!

Hope this helps!

nacho3 · ‎07-18-2019

This is fantastic news!

We’ll give the dual application deployment a try in the meantime while we wait for the GPO-based solution.

Thanks again!