Cloud Secure Edge Desktop App

  • Last validated: Jul 15, 2026

The desktop app is a cross-platform endpoint client, installed on end user desktop devices. The app is used to register and authenticate end user devices with the Cloud Command Center. Note that the desktop app is optional on MDM-managed devices on which you can install a Device Certificate via your device manager.

Why the desktop app

Access decisions in Cloud Secure Edge depend on knowing which device is making a request and whether that device meets your security posture requirements. The desktop app establishes that device identity and continuously reports device posture, so the platform can grant or deny access to services, hosted websites, infrastructure services, and service tunnels based on device trust rather than on network location alone.

How it works

  1. The desktop app registers the device with the Cloud Command Center and issues the device a Device Certificate that identifies it in later requests.
  2. The app performs Device Trust Scoring, evaluating device posture against your policies.
  3. When an end user accesses a resource, the platform uses the registered device identity and its current trust score to authorize the connection.

On MDM-managed devices, you can instead deliver the Device Certificate through your device manager, which is why the desktop app is optional in that scenario.

Tip: To install and register the app on end user devices, see Register the Desktop App & Supported OSs.

Sections

Register the Desktop App & Supported OSs

Desktop App Walk-through

Desktop App Capabilities and Components

Troubleshooting the Desktop App

Uninstall desktop app on multiple devices

Event Hooks

Event Hooks Implementation Guide

Device Certificates

Data Privacy and Security

Key features of the desktop app

The desktop app provides the following features:

Feature
Device Registration for device authentication
Device Trust Scoring for device posture checks
Auto-update capability
Device Trust Verification capability to support native “sandboxed” apps (i.e., iOS/Android/macOS/Windows apps that use WebViews for authentication and are unable to access the SonicWall CSE Device Cert placed in the device cert store or keychain)
Seamless deployment via Device Managers
Service bundles an end user can access and favorite
List of Hosted Websites an end user can access
List of Infrastructure Services an end user can access
List of Service Tunnels an end user can access
banyanproxy or sonicwall-cse-proxy to access TCP services using short-lived X.509 client certs
Run Diagnostic Tool for running a Health Check and/or troubleshooting
Was this page helpful?