Check the health of a Windows device

You can view the security health of your device to identify if it's exposed to any security risks.

Okta Verify performs several security checks:

• OS version: Indicates if the operating system (OS) version of your device is up to date.
• Biometric verification: Indicates if biometrics (for example, Touch ID) is enabled for your device.
• Disk encryption: Indicates if the hard disk of your device is encrypted with BitLocker.

A green check mark confirms that your device meets Okta device security recommendations. A yellow exclamation mark indicates that you should change some settings to better secure your device.

1. Open Okta Verify.
2. Click the Device health icon in the top-right corner.
   

   If you must take remediation actions, a badge appears on the Device health icon.

   
3. Click the gear icon.
4. Click View device health.
5. View the health status of each security check for your device.
   • If all checks passed, your device is secure.
   • If you find warnings, follow the instructions in the table to fix the issues. For example, you might have to update the Windows version to include a security patch or enable biometrics on your device (such as face recognition or fingerprint verification).

   Message	Remediation
   Update to Windows version number	Update your operating system. Windows 10 From the Start menu, click Settings > Update & Security > Windows Update. Windows automatically checks for updates and downloads any available updates. After the download is complete, click Restart now to install the updates. Your computer restarts and the installation process begins. Follow any instructions to complete the installation process. Your computer restarts after the installation process is complete. Windows 11 From the Start menu, click Settings > Windows Update. Windows automatically checks for updates and downloads any available updates. If there are updates available, click Download and install. Follow any on-screen instructions to complete the installation process. Your computer may restart several times during the installation process.
   Enable Windows Hello for the lock screen	Enable Windows Hello on your device. From the Start menu, click Settings > Accounts > Sign-in options. Under Windows Hello, click Set up if you haven't already set up Windows Hello. If you have already set up Windows Hello, click Improve recognition. Follow the instructions to improve recognition. This may involve positioning your face in front of the camera or placing your finger on the scanner multiple times. When the recognition process is complete, click Done.
   Encrypt all internal disks with BitLocker	Encrypt the drives on your device. In the search box in the Windows task bar, type Manage BitLocker and select it from the list of results. In the BitLocker Drive Encryption window, find the drive you want to encrypt and click Turn on BitLocker. Choose how you want to unlock the drive, either with a password or Smart Card. If you choose a password, make sure it's a strong and memorable one. Choose where you want to store your recovery key. You can save it to your Microsoft account, as a local file, or on a USB drive. If you choose to save it to a file or USB drive, make sure to keep it in a safe place. Choose whether to encrypt the entire drive or just the used space. Encrypting the entire drive provides better security, but takes longer. Click Start Encrypting to begin the encryption process. Wait for the encryption process to complete. This may take some time, depending on the size of your drive and the encryption method you chose. When the encryption process is complete, your drive is locked and you must enter your password or insert your Smart Card to unlock it.

   If you need more details, refer to the support documentation for your device: Windows Support.

Related links

Manage Okta Verify settings on Windows devices