Skip to main content

Device Posture

See how healthy/trusted this device is against five security pillars, and understand the risk score that other features (like NAC) use to gate access.

The five pillars

The Posture tab evaluates each pillar as pass/fail for the device:

PillarPasses when…
AntivirusAn AV/EDR is present and active (Defender, XProtect, ClamAV, CrowdStrike, …)
FirewallThe host firewall is on (Win NetFirewallProfile, macOS ALF, Linux ufw/firewalld)
Disk encryptionThe system drive is encrypted (BitLocker / FileVault / LUKS)
PatchThe OS is up to date on patches
Screen lockAuto‑lock with password is enforced

Each failing pillar adds its weight to the device's risk score — higher = less trusted.

Read it and act

  1. Open the device → Posture.
  2. Check which pillars fail and the resulting risk score.
  3. Remediate the failing pillar on the device (enable BitLocker, turn on the firewall, install AV, patch), then it re‑evaluates on the next check.

Tune the rules

Posture rules are defined once and reused. You can adjust each pillar's weight or Ignore a pillar entirely where it doesn't apply (e.g. ignore screen lock on headless servers). To gate network access on posture (quarantine or limit non‑compliant devices), wire it up in RADIUS → Posture Rules.

tip

Use this tab to see why a device would be denied before it happens — the failing pillar tells you exactly what to fix.