Frequently asked questions

1. What powers 1Password Device Trust?

1Password Device Trust is built using osquery, which allows admins to query their fleets based on thousands of device properties. This lets admins have a complete device inventory with real-time insights into each device’s health and security. 


2. What do 1Password Device Trust Health Checks help admins do?

1Password’s Device Trust comes with more than 100 pre-built Checks based on common security and compliance concerns. On top of that, it allows admins to write their own custom Checks. This enables device trust admins to do things like:

• Identify when sensitive data is downloaded
• Ensure the timely deletion of sensitive data
• Detect unsafe browser extensions
• List Mac system extensions
• Detect the storage of plain-text credentials and SSH keys
• Require updates for OS, browsers, and other software
• Require that MDM and EDR tools are present and functioning properly


3. How are the end-user remediation instructions written?

1Password Device Trust writes end-user remediation instructions for all pre-built Checks and requires them for custom Checks. This helps reduce the number of IT support tickets, since employees have agency over their devices and workflows and are never locked out without warning. 


4. How is 1Password Device Trust aligned with privacy mandates?

1Password Device Trust is built on the principles of honest security. This is why we include a privacy dashboard for each employee that shows what data our agent collects, and its potential impact on user privacy. This can help companies prove their commitment to meeting GDPR and CCPA requirements related to transparency and data minimization.


5. Will 1Password Device Trust interfere with other osquery-based agents? 

In most cases there should be no conflict, and many of our customers are successfully running multiple osquery-based agents. 

6. Will the agent impact computer performance for my team? 

No, the Device Trust / the Kolide agent is designed to be light-weight and will perform checks in a way that minimizes computer resource use. The agent uses negligible resources and should have no impact on performance on most systems.