Device Posture service in test mode
The Device Posture service is also available in test mode wherein admins can test the Device Posture service before enabling it on their production environment. This enables the admins to analyze the impact of the device posture scans on the end user devices and then plan their course of action accordingly before enabling it on production. The Device Posture service in test mode collects data of the end user devices and classifies the devices into the three categories namely, compliant, non-compliant, and denied. However this classification does not enforce any actions on the end user devices. Instead, it empowers administrators to evaluate their environments and enhance security. Admins can view this data on the Device Posture dashboard. Admins can also disable the test mode, if necessary.
Note:
The EPA client must be installed on the devices. In case an end device does not have the EPA client installed, the Device Posture service presents a download page to the end user to download and install the client, without which the end user cannot log on.
Enable test mode
- Sign in to Citrix Cloud, and then select Identity and Access Management from the hamburger menu.
- Click the Device Posture tab and then click Manage.
- Slide the Device posture is disabled toggle switch ON.
-
In the confirmation window, select both the checkboxes.
- Click confirm and enable.
When the Device Posture service is enabled in test mode, the Device Posture home page displays a note confirming the same.
Admins can configure the policies and rules for device posture scans. For details, see Configure device posture. Based on the scan results, the end user devices are classified as compliant, non-compliant, and denied. Admins can view this data on the dashboard.
View the test mode activities on the dashboard
-
Click the Dashboard tab on the Device Posture page.
The Diagnostic logs chart displays the number of devices classified as compliant, non-compliant, and login denied.
-
To view the details, click the See more link.
Admins can download the monitoring logs from the UI.
Enable test mode in production
If the Device Posture service is already enabled on production, perform the following steps to enable the test mode:
- On the home page, slide the Device Posture is enabled toggle switch OFF.
- Select I understand all device posture checks will be disabled.
- Click confirm and disable.
- Now enable the device posture by sliding the Device Posture is disabled toggle switch ON.
- In the confirmation window, select both of the following options.
- Enable device posture in test mode
- I understand the impact on subscriber experience
- Click confirm and enable.
Transition from test mode to production
To transition from test mode to production, you must first disable Device Posture in the test mode and then enable Device Posture again without selecting the option Enable device posture in test mode.
Important:
- It is important to thoroughly review your policies before transitioning from test mode to production. Policies that were set up in test mode might behave differently when enforced in production, potentially impacting user access specifically Deny Access. In test mode, Deny Access is effectively treated as Non-Compliant, allowing users to continue accessing the system without disruption. However, in production, this outcome directly blocks access, potentially impacting user experience and operations.
- Also, when transitioning from test mode to production, there might be potential downtime. It is recommended to plan your transition carefully to minimize disruptions.