Device trust

Device trust validates device posture, ownership, and compliance before granting access. It applies Zero Trust principles, evaluating both user identity and device security status, so access decisions factor in device health, management status, and compliance with security policies.

💡 Why this matters
You prevent session hijacking, credential theft, and unauthorized access by ensuring only compliant, trusted devices can access sensitive resources and applications.

Key capabilities

  • Device posture enforcement – Check OS versions, patches, browser status, and MDM compliance before access
  • Device-bound authentication – Bind credentials to trusted devices using passkeys, certificates, or hardware tokens
  • Continuous session assurance – Monitor device status throughout sessions and enforce real-time policy changes
  • Cross-platform support – Secure Windows, macOS, Linux, iOS, and Android devices with unified policies
  • Hybrid environment coverage – Apply device trust to on-premises, cloud, and remote access scenarios

Outcomes

Organizations that implement device trust typically achieve:

  • Reduced security incidents from compromised or unknown devices
  • Enhanced Zero Trust posture with device-level policy enforcement
  • Improved compliance through consistent device security standards

Design principles

  • Apply defense-in-depth by combining device trust with user authentication
  • Implement continuous monitoring rather than point-in-time device checks
  • Use risk-based policies that adapt to device posture and environmental factors
  • Plan for diverse device types including managed, unmanaged, and shared endpoints

Where to configure

Use these guides to implement device trust:

Compliance note

Device trust supports regulatory compliance by providing technical controls for device-based access decisions, comprehensive audit trails, and the ability to enforce security standards required by various frameworks.


FAQ

Which device types are supported?

Device trust works across Windows, macOS, and Linux desktops and iOS and Android mobile devices, and can integrate with VDI environments.

Can device trust work with unmanaged devices?

Yes. Device trust can apply appropriate security checks and restrictions to unmanaged devices while allowing controlled access based on risk policies.

How does continuous assurance work?

Device status is monitored throughout user sessions, with the ability to lock sessions, require re-authentication, or terminate access if device posture changes.

Does this integrate with existing MDM solutions?

Yes. Device trust integrates with MDM platforms to leverage existing device management policies and compliance status in access decisions.

What happens to sessions when device trust is lost?

Based on policy configuration, sessions can be locked, made to require step-up authentication, or terminated when device trust criteria are no longer met.