Hi Netskope community, I’ve deployed NPA for my company for several years now, with the re-auth feature enabled (every X days). This feature is leading to some difficulties in autopilot context + comes with few “bug” here and there, with complains from few users requiring to manually re-auth. While reviewing those problems, I’m challenging the utility of this feature in my context:I have Windows 11 environment, all devices hybrid joined when the auth expired, there is a popup appearing, getting the local windows auth token automatically and disappearing by itself after few seconds I have a conditional access rule in azure disabled MFA for NPA app when it comes from trusted corporate device. Nobody in the company had to enter credentials because the auth is always OK since it comes from local windows session.In this situation, for windows corporate laptop, I’m wondering if there is any reason to enable this feature from a security standpoint.I know that Netskope is recommending to activate this (https://docs.netskope.com/en/secure-tenant-configuration-and-hardening/) but don’t see the point in this context.Any opinion here ? Where I see a benefits is more for non-corporate devices (partners) where the local windows session is a non-corporate one, hence the auth dedicated to NPA is relevant here.

Is re-auth feature useful in a windows corporate workstation context

Hi Netskope community,

I’ve deployed NPA for my company for several years now, with the re-auth feature enabled (every X days). This feature is leading to some difficulties in autopilot context + comes with few “bug” here and there, with complains from few users requiring to manually re-auth.

While reviewing those problems, I’m challenging the utility of this feature in my context:

I have Windows 11 environment, all devices hybrid joined
when the auth expired, there is a popup appearing, getting the local windows auth token automatically and disappearing by itself after few seconds
I have a conditional access rule in azure disabled MFA for NPA app when it comes from trusted corporate device.
Nobody in the company had to enter credentials because the auth is always OK since it comes from local windows session.

In this situation, for windows corporate laptop, I’m wondering if there is any reason to enable this feature from a security standpoint.

I know that Netskope is recommending to activate this (https://docs.netskope.com/en/secure-tenant-configuration-and-hardening/) but don’t see the point in this context.

Any opinion here ?

Where I see a benefits is more for non-corporate devices (partners) where the local windows session is a non-corporate one, hence the auth dedicated to NPA is relevant here.

Be the first to reply!

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded