The Endpoint Compliance Checks feature on UAG (Unified Access Gateway) provides an extra layer of security for accessing Horizon desktops in addition to the other user authentication services that are available on Unified Access Gateway.

You can use the Endpoint Compliance Checks feature to ensure compliance with various policies, such as an antivirus policy or encryption policy, on endpoints.

The endpoint compliance policy is defined on a service running in the cloud or on-premises.

If Endpoint Compliance Checks is enabled, Unified Access Gateway by default allows VDI desktops to be launched only from compliant endpoints and blocks launches from all non-compliant endpoints.

Administrators can now configure the status codes on the UAG to allow endpoints to be launched for various statuses such as Not in compliance, Device not found, Out of license usage, and so on.

Prerequisites

  1. Sign up for an OPSWAT account and register your applications on the OPSWAT site. See https://go.opswat.com/communityRegistration.
  2. Note down the client key and client secret key. You need the keys to configure OPSWAT in Unified Access Gateway.
  3. Log in to the OPSWAT site and configure the compliance policies for your endpoints. See the relevant OPSWAT documentation.
  4. On the OPSWAT homepage, click Connect Metadefender Endpoint Management and download and install the agent software on the client device.

Procedure

  1. Log in to the Admin UI and go to Advanced Settings > Endpoint Compliance Check Provider Settings.
  2. Click Add.
    The Endpoint Compliance Check Provider and Hostname text boxes are already filled.
  3. Enter Client Key and Client Secret.
  4. To change the default value of the statuses and allow endpoints to be launched, click Show Allowed Status Codes.
    The following status codes are supported: In compliance, Not in compliance, Device not found, Out of license usage, Assessment pending, Endpoint unknown, and Others.
  5. For the desired Status Code, click to change from DENY to ALLOW.

    The default value of the In compliance status code is ALLOW. Only compliant endpoints are allowed to be launched.

    The default value of all other status codes is DENY.

  6. Click Save.
  7. Navigate to Horizon settings, locate the Endpoint compliance check provider text box, and select OPSWAT from the drop-down menu.
  8. Click Save.
  9. Connect to the remote desktop using the Endpoint compliance check provider client.

Results

The configured Horizon View desktops are listed, and when you start a desktop, the client device is validated for compliance.