Device Auth: Snooze and Exemption Requests
Does this situation sound familiar?
Kolide has alerted you that you need to install an OS update in the next few days. You know you need to do it, but you put it off, and then you put it off some more, until eventually your device is blocked. Unfortunately, you don’t realize this until the worst possible time, right before a big meeting, and of course, you can’t sign in. Now what? If only you could get a little extra time!
Let me introduce you to snoozing. Snoozing allows you to request 8 extra hours to fix issues currently blocking your device. It’s automatic and does not require admin approval.
Snoozing is really just meant for these emergency situations that can crop up. Unlike my alarm clock, you can’t keep smashing the snooze button over and over again; you have to wait a week to snooze again.
Controlling Check Snoozability
Now, Kolide admins, listen up. If you want certain checks to be unsnoozable, you can set that option in the Check’s device trust settings.
Once set, end-users will no longer be able to snooze this Check.
Changes to Exemption Requests
The big inspiration for this change was our discovery that exemption requests were being used for “temporary extensions” as they were previously automatically approved on a provisional basis. With snoozing now available, we’ve removed that automatic provisional approval. This means exemption requests are only granted when explicitly approved by administrators. Of course, any old open exemption requests that were previously provisionally approved will stay that way; this is just for new exemption requests going forward.
You can read more about exemption requests in our knowledge base.