In addition to the other user authentication services that are available on the Unified Access Gateway appliance, the endpoint compliance checks feature provides an extra layer of security for accessing Horizon desktops. You can use this feature to ensure compliance to various policies such as an antivirus policy or encryption policy on endpoints.

Endpoint Compliance Checks are advanced settings, which can be configured on the Endpoint Compliance Check Provider Settings page. Administrators can use this page to configure the status codes of endpoint devices for which access must be denied or allowed. The settings page also has time interval text boxes, which can be used by the administrators to configure periodic compliance checking of an endpoint during an authenticated user session.

Endpoint compliance is checked after a user authenticates successfully, when a user attempts to start a remote desktop or application from the listed entitlements, and during an authenticated session.

After successful authentication if the endpoint device has a status for which the access is configured to be denied, then even though the user has authenticated successfully, the device is denied access. As a result, the user cannot start a remote desktop or application.

Endpoint compliance policy is defined on a service running in cloud or on-premises. The OPSWAT MetaAccess persistent agent or the OPSWAT MetaAccess on-demand agent are the OPSWAT agents on the Horizon Client that perform the endpoint compliance check. These agents communicate the compliance status to an OPSWAT instance running either in cloud or on-premises.