Device Posture
See how healthy/trusted this device is against five security pillars, and understand the risk score that other features (like NAC) use to gate access.
The five pillars
The Posture tab evaluates each pillar as pass/fail for the device:
| Pillar | Passes when… |
|---|---|
| Antivirus | An AV/EDR is present and active (Defender, XProtect, ClamAV, CrowdStrike, …) |
| Firewall | The host firewall is on (Win NetFirewallProfile, macOS ALF, Linux ufw/firewalld) |
| Disk encryption | The system drive is encrypted (BitLocker / FileVault / LUKS) |
| Patch | The OS is up to date on patches |
| Screen lock | Auto‑lock with password is enforced |
Each failing pillar adds its weight to the device's risk score — higher = less trusted.
Read it and act
- Open the device → Posture.
- Check which pillars fail and the resulting risk score.
- Remediate the failing pillar on the device (enable BitLocker, turn on the firewall, install AV, patch), then it re‑evaluates on the next check.
Tune the rules
Posture rules are defined once and reused. You can adjust each pillar's weight or Ignore a pillar entirely where it doesn't apply (e.g. ignore screen lock on headless servers). To gate network access on posture (quarantine or limit non‑compliant devices), wire it up in RADIUS → Posture Rules.
tip
Use this tab to see why a device would be denied before it happens — the failing pillar tells you exactly what to fix.