1Password Device Trust compliance FAQ

1Password Device Trust Compliance FAQ

What is changing with Device Trust enforcement?

Q: What does it mean that device compliance checks will be enforced? A: Starting October 27, 2025, all devices accessing company resources will need to meet our security requirements before access is granted. Previously, Device Trust was monitoring your devices but not blocking access when issues were detected. Now, if your device fails our security checks, you'll be temporarily blocked from accessing work applications until the issues are resolved.

Q: Which applications will be affected? A: Device Trust enforcement affects access to all applications in two ways:

SSO-protected applications: Any app you access through single sign-on will require device compliance
Non-SSO web applications: Through Extended Device Compliance, many web applications (even those not behind SSO) will also enforce these checks via the 1Password browser extension

Q: Will this affect my personal device if I use it for work? A: Yes, with some exceptions, any device you use to access work resources will need to meet our compliance requirements, including personal devices (BYOD). However, Device Trust is designed to respect your privacy and only monitors work-related security settings, not your personal data or activities. As a reminder, the Device Trust Privacy Center provides full transparency about what checks are running, what data is collected, and who has access to the information. You can access the Privacy Center from the Kolide menu bar app.

What security requirements must my device meet?

Q: What does Device Trust check on my device? A: Device Trust evaluates over 100 different security properties, but the most common requirements include:

Operating system and browser are up to date with security patches
Device encryption/disk encryption is enabled
Required security software is installed and running
1Password browser extension is installed and active
For managed devices: proper enrollment in company MDM

Q: Can I see what's being checked on my device? A: Yes! You can view all active checks and their status through the Device Trust Privacy Center, which shows exactly what information is being collected and evaluated on your device.

What happens when my device fails a compliance check?

Q: What will I experience if my device fails a check? A: When Device Trust detects a compliance issue, here's what typically happens:

Initial Warning: You'll receive notifications through the Device Trust menu bar app alerting you to the issue
Grace Period: You'll have time to fix the issue before access is blocked (timeframe varies by check type)
Access Blocking: If the issue isn't resolved, you'll be blocked from accessing work applications
Self-Remediation Guidance: You'll receive step-by-step instructions to fix the problem yourself
Automatic Restoration: Once you resolve the issue, access is immediately restored without IT intervention

Q: Will I be blocked immediately when a problem is detected? A: Not necessarily. The response depends on how the specific check is configured:

Report Only: No user impact, IT is simply notified
Notify Only: You'll receive gentle warnings but access won't be blocked
Warn Then Block: You'll receive warnings with a grace period before blocking occurs
Block Immediately: Access is blocked right away (typically reserved for critical security issues)

Q: What does a blocked experience look like? A: You’ll see a screen similar to this one upon login if your device is being blocked.

A screenshot of a device blockedAI-generated content may be incorrect.

When blocked, you'll see clear messages explaining:

Which security requirement isn't being met
Step-by-step instructions to fix the issue
Option to "snooze" the enforcement for a limited time if available
Link to additional help resources

How can I fix compliance issues myself?

Q: Can I resolve these issues without contacting IT? A: Absolutely! Device Trust is designed for self-remediation. When an issue is detected, you'll receive detailed, step-by-step instructions to resolve it yourself. This includes:

Specific settings to change with direct links when possible
Screenshots or visual guides for complex procedures
Estimated time required to complete the fix
Option to recheck your device status after making changes

Q: What if I can't fix an issue on my own? A: If you're unable to resolve an issue following the provided instructions, you have several options:

Submit an exemption request through the Device Trust portal explaining your situation
Contact Cobaltix (request@cobaltix.com) with the specific error details
Use the "snooze" feature if available to temporarily delay enforcement while seeking help

Q: How long do I have to fix issues before being blocked? A: This varies by the type of security issue:

Critical security vulnerabilities may have shorter grace periods
Standard updates and configuration issues typically allow several days
Some checks may offer "snooze" options that give you additional time
The exact timeframe will be shown in the warning messages you receive

Common scenarios and troubleshooting

Q: My operating system update is pending a restart. What should I do? A: Install the update and restart your device as soon as convenient. Device Trust understands that OS updates require restarts and typically provide reasonable grace periods. If you're in the middle of important work, look for a "snooze" option that allows you to delay the requirement for a few hours.

Q: I accidentally uninstalled the 1Password browser extension. What happens? A: If you remove the 1Password browser extension:

You'll immediately be redirected to a page prompting you to reinstall it
A warning modal will appear in your 1Password desktop app
You'll have a grace period (typically 7 days) to reinstall before access is blocked
During this time, you'll see persistent reminders to restore the extension
Once reinstalled, access is immediately restored

Q: I'm traveling and can't update my device right now. What are my options? A: Device Trust offers flexibility for situations like this:

Look for "snooze" options that provide temporary delays
Submit an exemption request explaining your travel circumstances
Use mobile hotspot if hotel/public WiFi is causing connectivity issues with updates
Contact Cobaltix (request@cobaltix.com) if you need an emergency exemption for critical business needs

Q: What if I disagree with a security requirement? A: While security requirements are set for everyone's protection, you can:

Submit an exemption request through the Device Trust portal with your business justification
Contact Cobaltix to discuss alternative solutions that meet security needs

Privacy and data concerns

Q: What information does Device Trust collect about my device? A: Device Trust focuses on security-relevant information only, such as:

Operating system version and patch level
Security software status
System configuration settings
Installed applications (work-related focus)
Hardware security features (like encryption status)

Device Trust does NOT collect personal files, browsing history outside of work applications, personal communications, or other private data.

Q: Can I see what data is being collected? A: Yes, the Device Trust Privacy Center provides complete transparency about what information is being gathered from your device and why it's needed for security compliance.

Mobile device considerations

Q: Should I install the Kolide app on my phone? A: It is recommended that you have the Kolide app installed and registered on your personal or company phone to prevent not being able to log into company apps from your phone. Device Trust only monitors security-relevant settings and doesn't interfere with or monitor your personal applications.

Getting help and support

Q: Who should I contact if I need help? A: For Device Trust issues:

First: Try the self-remediation instructions provided in the alert
Second: Submit an exemption request for issues you cannot resolve
Third: Contact Cobaltix (request@cobaltix.com) with specific error messages and device details

Q: Is there a way to test my device compliance before enforcement begins? A: Yes! You can check your current compliance status through:

The Device Trust menu bar app on your computer
The Device Trust Privacy Center

The menu bar icons for Windows and MacOS are below.

A screenshot of a phoneAI-generated content may be incorrect.

Q: What should I do if I think Device Trust made an error? A: If you believe your device is compliant but Device Trust indicates otherwise:

Try running a manual recheck if that option is available
Review the specific failure details to understand what's being detected
Submit an exemption request with details about why you believe it's incorrect
Contact Cobaltix for investigation

Make sure the 1Password browser extension is installed and active
Check that your device's firewall is enabled
Review your compliance status in the Device Trust Privacy Center

Q: When exactly will enforcement begin? A: Device Trust enforcement will begin on Monday, October 27 2025. We recommend ensuring your device compliance well before this date to avoid any access disruptions.

Remember: Device Trust is designed to protect our company's data while minimizing disruption to your work. Most issues can be resolved quickly through self-remediation, and the system provides clear guidance every step of the way.