Administrators can configure time intervals for periodic compliance checking of an endpoint during an authenticated user session. The periodic compliance checking ensures that the device remains compliant throughout the session. Endpoint Compliance Check Provider setting has two time intervals: Compliance Check Interval and Compliance Check Fast Interval.
Compliance Check Interval can be used for configuring the time interval for Workspace ONE Intelligence (risk score) and OPSWAT providers whereas Compliance Check Fast Interval can be used for OPSWAT only.
When the Compliance Check Interval (mins) is configured, Unified Access Gateway performs compliance checks on an endpoint when a user attempts to run a remote desktop or application session using Horizon Client on that endpoint. Endpoints are periodically checked for compliance as per the configured time intervals.
After the initial compliance check, sometimes an endpoint might become non-compliant due to several reasons such as policy changes done by administrators. Despite compliance assessment pending, endpoints might require access to run a session. If the device status is Assessment pending
or Endpoint unknown
, the Compliance Check Fast Interval (mins) can be used.
When both intervals are configured and if the device status is either Assessment pending
or Endpoint unknown
, Unified Access Gateway first runs the compliance check fast interval. After the endpoint becomes compliant, Unified Access Gateway then runs the compliance check interval.
During the periodic compliance check, if an endpoint is found to be non-compliant then the user session is disconnected.
Compliance Check Interval (mins)
This text box allows you to configure a periodic time interval at which the Horizon Client sends compliance check requests to Unified Access Gateway during a session.
Compliance Check Fast Interval (mins)
This text box allows you to configure a periodic, frequent time interval at which the Horizon Client sends compliance check requests to Unified Access Gateway during a session for an endpoint in specific statuses other than In compliance
. The statuses are Assessment pending
and Endpoint unknown
and must be configured as ALLOW
.
For example, when the on-demand agent is assessing an endpoint and the device status is either Assessment pending
or Endpoint unknown
, you can set the time interval to 1 minute
so that the compliance checks are more frequent at the beginning of a session.
0
.
To configure the time intervals for the endpoint compliance check providers, see Configure Workspace ONE Intelligence (Risk Analytics) as the Endpoint Compliance Check Provider for Horizon and Configure OPSWAT as the Endpoint Compliance Check Provider for Horizon.