New: Preview Remediation Strategy Impact

Jason Meller
June 4th, 2024

You’ve got Kolide rolled out, you’ve got a few Checks running, and it’s finally time for the moment of truth, let’s set up blocking!

There’s just one problem, how do I know what my users are in store for? If I turn on “Warn then Block”, how many devices will be in the warning phase? How many will be blocked tomorrow? How many are already blocked? Will the CEO of my company be blocked?

When we speak with customers, these are critical questions they ask us before they feel confident enabling any remediation strategy on a Check. So it always felt off that we didn’t provide answers to these questions right where our customers needed them, in the Check’s configuration UI. Well, I am excited to report that we have done exactly that. Let me walk you through it.

Once you click Configure… in the remediation strategy section of the Check configuration pane, a new pop-up will appear that looks like this:

The impact preview appears to the left of the sidebar as soon as you begin editing the remediation strategy of a Check.

This pop-up is organized into four columns:

  1. Remediation Stage - Which can be one of the four stages:

    • Pre-Warn/Pre-Notify - The Device is failing the Check but the end-user has not been notified/warned about it as they are still within the grace period.
    • Warn/Notify - The Device is actively failing the Check and the end-user is being actively notified/warned about it via the Menu Bar app or as they authenticate to a Kolide protected app.
    • Blocks < 24h - Equivalent to Warn/Notify except the Device will transition to a blocked state within 24 hours.
    • Blocked - The Device is currently blocked from authenticating to apps protected by Kolide.
  2. Current - The outcome of the pre-existing remediation strategy on registered devices across the remediation stages.

  3. Proposed - The outcome of the proposed remediation strategy on registered devices across the remediation stages.

  4. Net - The difference between Current and Proposed.

In addition to viewing the counts, you can also click any count within the Current and Proposed columns to see a listing of devices that count represents.

As you make changes to the Check’s remediation strategy configuration, the pop-up will update in real-time.

As you make changes to the remediation strategy settings, the impact is updated live in real-time.

Even better still, you can click into any of the Current and Proposed counts and see an inline listing of devices. You can even search that list for specific device names or their registered owners (in case you are worried you might accidentally block a VIP). This navigation and any searches are preserved as you make changes to the Check and switch between states.

The device listing allows you to easily see the devices and people who will be impacted by your changes.

Finally, we’ve broken out the “Don’t Block Until…” settings so that they are always available to be set, in both the Block Immediately and the Warn and then Block strategies. Previously, this setting was only conditionally shown when we believed a remediation strategy change you made might result in blocking devices right away, now with this new impact preview, we can keep this setting available at all times.

We hope that this feature gives you additional confidence as you make changes to a Check’s remediation strategy. As always, you can read more about this feature in our product documentation.

Share this story:

More articles you
might enjoy:

Improvements to Rechecking After an OS Update
Jason Meller
Improvement: Add Internal Notes for Requests
Jason Meller
Improvements to Kolide Device Removal
Jason Meller
Watch a Demo
Watch a Demo