Getting Started for Remoting and DaaS
deviceTRUST requires some simple but essential configuration steps to be performed to enable deviceTRUST functionality for your remoting and DaaS environments. We will guide you step-by-step through simple deviceTRUST installation and configuration steps to enable deviceTRUST with a compliance check use case within your remoting or DaaS environment.
We will perform the following steps:
- Step 1: Download the deviceTRUST setup binaries
- Step 2: Install the deviceTRUST Agent
- Step 3: Install the deviceTRUST Console
- Step 4: Enter your deviceTRUST License
- Step 5: Install the deviceTRUST Client Extension on a Microsoft Windows device
- Step 6: Enable the Compliance Check use case
- Step 7: Check that access is denied when the deviceTRUST Client Extension is not installed
- Step 8: Test the Compliance Check use case from a Microsoft Windows device
Step 1: Download the deviceTRUST setup binaries
The latest deviceTRUST software can be found on our Download page and your personalized license can be found within your product license certificate.
Step 2: Install the deviceTRUST Agent
Start the installation of the deviceTRUST Agent on your remoting or DaaS host system, which can be Amazon WorkSpaces, Citrix Virtual Apps and Desktops (CVAD), Microsoft Azure Virtual Desktop (AVD), Microsoft Remote Desktop Session Host (RDSH) or VMware Horizon View. Follow the steps in the section Installing the Agent to complete the installation.
Step 3: Install the deviceTRUST Console
To configure and to apply contextual security policies to the deviceTRUST Agent you need to use the deviceTRUST Console. The deviceTRUST Console supports various ways to provide the contextual security policies to the deviceTRUST Agent. Those options are using the Local Policy Editor, a Group Policy Object (GPO) or file-based.
Within the Getting Started Guide, for simplicity, we use the Local Policy Editor to quickly and efficiently create, edit, and use contextual security policies. Follow the steps in the section Installing the Console to complete the installation.
The deviceTRUST Console includes a node within the Local Policy Editor
COMPUTER CONFIGURATION\DEVICETRUST CONSOLE which can be used to model the context of a user, and then act on changes to that context by triggering custom actions within your environment.
Step 4: Enter your deviceTRUST License
To add the license into the deviceTRUST contextual security policy open the Local Policy Editor and navigate to
DEVICETRUST CONSOLE and click on the
UNLICENSED link on the homepage.
Enter your deviceTRUST license and make sure it is valid. Close the license editor with
OK and click on
SAVE TO LOCAL COMPUTER POLICY in the top right toolbar.
deviceTRUST is now enabled and will work for all users except local administrators connecting to that remoting or DaaS host system with deviceTRUST Agent installed. To check if you have added a valid deviceTRUST license, open the Windows Event Log and navigate to
APPLICATION AND SERVICE LOGS\DEVICETRUST\ADMIN and check for the existence of event ID 11 which states that your deviceTRUST license is valid.
Step 5: Install the deviceTRUST Client Extension on a Microsoft Windows device
Within the Getting Started Guide, for simplicity, we will only install the deviceTRUST Client Extension on a Microsoft Windows device. Other device operating systems are also supported and an overview of how to install the deviceTRUST Client Extension on the particular operating system can be found on the Installation Client Extension page. Now follow the steps in the section Installing the Client Extension on Microsoft Windows device to complete the installation.
Step 6: Enable the Compliance Check use case
We will use the deviceTRUST Console to create a contextual security policy which controls access to the session depending upon the compliance state of the remote device. The deviceTRUST Console includes a set of use cases which can be used to quickly implement a use case. Launch the deviceTRUST Console and navigate to
REMOTING USE CASES on the homepage.
COMPLIANCE CHECK use case, select on the
GENERAL tab all options to be included in the compliance check.
New configuration tabs will become visible.
Click on the
COUNTRY configuration tab and add all authorized countries using ISO 3166-1 Alpha-2 code.
Click on the
SECURITY configuration tab and enable the
REQUIRE WINDOWS REMOTE DEVICES TO HAVE AN ACTIVE AND UP TO DATE ANTIVIRUS PRODUCT and
REQUIRE WINDOWS AND MACOS REMOTE DEVICES TO HAVE AN ACTIVE FIREWALL PRODUCT options.
Click on the
UPDATES configuration tab and enable the
REQUIRE WINDOWS REMOTE DEVICES TO BE UPDATED WITHIN THE LAST 7 DAYS and
REQUIRE MACOS REMOTE DEVICES TO BE UPDATED WITHIN THE LAST 7 DAYS options.
Click on the
WI-FI configuration tab and enable the
WPA2 ENTERPRISE and
WPA2 PERSONAL options.
Click on the
ASSIGNMENT configuration tab and add
USERS and / or
SECURITY GROUPS to apply the use case for.
Click on the
ENFORCEMENT configuration tab and select
SAVE TO LOCAL COMPUTER POLICY in the top right toolbar to save the complianc check use case to the local computer policy.
Step 7: Check that access is denied when the deviceTRUST Client Extension is not installed
From a device without the deviceTRUST Client Extension installed, connect to your remoting or DaaS host system. Because the remote device does not have an active deviceTRUST Client Extension, the access will be denied with the following message:
Step 8: Test the Compliance Check use case from a Microsoft Windows device
From a Microsoft Windows device with the deviceTRUST Client Extension installed, connect to your remoting or DaaS host system. Toggle the state of the Windows Defender Firewall to see how deviceTRUST can simply and dynamically control access to the session depending on the firewall state of the remote device.
You have now successfully implemented your first use case with deviceTRUST for your remoting and DaaS environment. Feel free to check out our additional use cases provided on the deviceTRUST Console homepage under
REMOTING USE CASES. In addition, the deviceTRUST Console gives you access to many more configuration Templates for a wide variety of use cases.
If your deviceTRUST installation or configuration does not work as expected, you can use the Troubleshooting for Remoting and DaaS guide to start troubleshooting.