This walkthrough will help you get started with Extended Device Compliance, as well as test it within a smaller group before rolling it out to your organization.

Before You Begin

Before you can set up Extended Device Compliance, you’ll need:

• 1Password Business
• 1Password Device Trust Core or 1Password Device Trust Connect. Contact Kolide support to upgrade.
• A Chrome-based web browser (for example Google Chrome, Chromium, Microsoft Edge, Brave, or Arc)
• The Nightly release of the 1Password browser extension

Step 1: Create a Test Group

There are two ways you can test Extended Device Compliance before you roll it out to your entire team. You can create a device group within Kolide and add devices of team members who want to participate in testing to the group. Then, create Checks that target the device group.

Alternatively, have all team members you want to test Extended Device Compliance install the Nightly release of the 1Password browser extension. During the Early Access period, only team members with the Nightly extension installed in a Chrome-based browser will experience Extended Device Compliance.

Step 2: Turn On Device Trust for a Web App

To add Device Trust to a web app:

1. Sign in to Kolide.
2. Select the Apps tab. You’ll see a list of web apps Kolide has discovered that members of your team are using.
3. Choose an app that you want to protect with Device Trust.
4. Toggle on Device Trust.

Step 3: Configure Checks

In Kolide, create a Check or use an existing check that’s straightforward for end users to fix. Some examples include:

• Finder - Require File Extensions to be Visible in Finder (macOS)
• Windows Explorer - Require File Extensions to Be Visible (Windows)
• Terminal - Require Secure Keyboard Entry to be Enabled (macOS)

You’ll test Kolide by failing this check and fixing the issue.

If you’d like to test what it’s like to be blocked from a web app, choose a check that will Block Immediately.

If you want to add a check that blocks you:

1. Select the Checks tab.
2. Find and select the check, preferably a check that’s easy to fix.
3. Make sure the check is turned on, then select the vertical ellipses and choose Configure.
4. If you made a device group for testing, in the “This Check Runs Against” field choose your device group and select Save.
5. In the “Remediation Strategy" section, select Configure.
6. Choose Block Immediately, then select Save.

After you have the check you want to test, make sure your device is not in compliance with that check. For example, if you have a check that requires content caching to be turned off, you’ll turn content caching on.

When you’ve made sure your device is not in compliance, manually re-check your device:

1. Select the Checks tab.
2. Find the check you’re using to test Extended Device Compliance and select it.
3. Find the device name you’re testing with and select it.
4. Select the Check Results tab.
5. Find the check and select it again.
6. Select Recheck Device Now, and you’ll see that your device is now failing the check.

Step 4: Test Extended Device Compliance

To test Extended Device Compliance, you’ll need your device to fail a check.

Sign out of the web app you’d like to test, then sign in again. You’ll see a 1Password notification in your browser listing any issues you need to fix before you can access the web app. You can select the issue in the notification to see instructions on how to fix the issue yourself.

Fix the issue and select Recheck in the 1Password notification. If you choose a check that allows you to snooze the notification, you’ll be able to select Snooze on this notification.

If you choose a check that blocks your device immediately, you won’t be able to sign in to the app until you fix the issue.