When Workspace_ONE_Intelligence_Risk_Score is configured as the endpoint compliance check provider on the Horizon Settings page, Unified Access Gateway performs a Horizon Client endpoint device check with Workspace ONE Intelligence's risk analytics feature. This check is performed so that end users with high risk score endpoints are denied access to Horizon desktops and applications.

The risk score compliance check feature is available for Workspace ONE UEM-registered devices running a Horizon Client version that passes the hashed value of the device serial number to Unified Access Gateway. These client devices provide information to Workspace ONE Intelligence to allow a risk score to be calculated.

For information about risk scores, see the Risk Scoring section in the Workspace ONE Intelligence Products documentation at VMware Docs.


Ensure that you have configured the Workspace ONE Intelligence connection. For more information, see Configure Workspace ONE Intelligence Connection Settings.


  1. Log in to Admin UI and go to Advance Settings > Endpoint Compliance Check Provider Settings.
  2. Click Add.
    Note: If you have already added Workspace_ONE_Intelligence_Risk_Score as the endpoint compliance check provider, you can either edit the settings by clicking the gearbox icon or add new provider settings by deleting the existing one.
  3. Select Workspace_ONE_Intelligence_Risk_Score as the Endpoint Compliance Check Provider.
  4. Select the Workspace ONE Intelligence connection setting.
  5. Enter the Compliance Check Interval (mins) value.
    • Valid values (in minutes) - 5 to 1440
    • Default value - 0

      0 indicates Compliance Check Interval (mins) is disabled.

    For more information about periodic compliance checks and Compliance Check Interval (mins), see Time Interval for Periodic Endpoint Compliance Checks.

  6. To change the default value of the risk score severities and allow endpoints to access remote desktops and applications, click Show Allowed Risk Score Severities.

    The following risk score severities are supported: Low, Medium, High, and Others.

    By default, endpoint devices that have Low risk score are always allowed access.

  7. If you want to allow devices that have a risk score other than the default value, click to change from DENY to ALLOW.
    By default, endpoint devices with risk score severities other than LOW are denied.
  8. Click Save.

What to do next

  1. Navigate to Horizon settings, locate Endpoint compliance check provider text box, and select Workspace_ONE_Intelligence_Risk_Score from the drop-down menu.
  2. Click Save.