Device Posture Checks in Timus Manager let you enforce access policies based on the real-time security posture of user devices. This ensures that only healthy, compliant, and trustworthy endpoints are allowed to connectβregardless of whether the user has valid credentials.
As a core component of your Zero Trust Security architecture, posture checks shift access decisions from identity-based trust alone to context-aware access, incorporating endpoint risk into every session decision.
π To access this screen, go to Zero Trust Security β Device Posture Checks from the left-side menu
To use Device Posture Checks effectively, make sure your Endpoint Protection Platforms (EPPs) are properly integrated. Supported platforms include: Bitdefender, Heimdal, Microsoft Defender, and SentinelOne.
What Are Device Posture Checks?
Device Posture Checks allow you to define a set of required conditions a device must meet before access is granted. These conditions are evaluated using telemetry from the Timus Connect agent and integrated EPPs.
Examples of posture attributes include:
- Antivirus agent installed or signature updated
- Full disk encryption enabled
- Operating system version is within an allowed range
- No malware infections or unresolved detections reported by EPP
- Essential services and startup configurations are intact
Posture checks are continuously evaluated. If a device no longer meets the expected conditions, access can be dynamically revoked or downgraded using User Sign-In Policies and Behaviors.
Create a New Device Posture Check
Navigate to Zero Trust Security β Device Posture Checks. Youβll see a list of existing posture checks. Click Create New to define a new one.
General Settings
Configure the high-level properties of the posture check:
| Field | Description |
|---|---|
| Title | Name of the posture check (required, max 30 characters) |
| Status |
Enabled or Disabled
|
| Description | Optional summary for internal reference (max 70 characters) |
| Assigned Operating System | Target OS for this posture check: Windows, macOS, Linux, Windows Server, iOS, or Android
|
Each posture check is created per OS. After saving, you will proceed to define the logic using attributes.
Define Compliance Attributes
In the Attributes tab, you add one or more security conditions based on telemetry or EPP data.
| Field | Description |
|---|---|
| Data Source | Where the data is coming from (Timus Connect or EPP) |
| Attribute | Security or system state to evaluate |
| Condition | Logical operator (e.g., is equal to, is any of, none of them) |
| Pass Value | Value that must be met for the check to pass |
All attributes must be satisfied unless otherwise configured. For example, you can design posture checks that fail if any required value is missing (ideal for strict security teams).
Supported Data Sources by OS
Not all data sources are available on all operating systems:
| OS | Timus Connect | Bitdefender | Heimdal | Microsoft Defender | SentinelOne |
|---|---|---|---|---|---|
| Windows | β | β | β | β | β |
| macOS | β | β | β | β | β |
| Windows Server | β | β | β | β | β |
| Linux | β | β | β | β | β |
| iOS | β | β | β | β | β |
| Android | β | β | β | β | β |
Attribute Library (per Data Source)
Each data source exposes different posture elements:
πΉ Timus Connect
- Antivirus State
- Disk Encryption
- Firewall
- Operating System
- Running Processes
- Service State
- Startup Items
- Timus Connect Installed
πΉ Bitdefender
- Antivirus Agent Outdated
- Antivirus Agent Update Disabled
- Antivirus Agent Signature Outdated
- Antivirus Agent Signature Update Disabled
- Device Infected
- Malware Detected
- Disk Encryption
- Agent Installed
- Operating System
- Risk Score
πΉ Heimdal
- Detection Resolution
- Detection Status
- Vulnerable 3rd Party Software
- Probability of Infection
- Threat Severity
- Microsoft Update Severity
- Disk Encryption
- Operating System
- Risk Score
πΉ Microsoft Defender
- Antivirus Engine Mode
- Antivirus Engine Updated Mode
- Antivirus Platform Updated
- Antivirus Signature Updated
- Exposure Level
- Agent Installed
- Operating System
- Risk Score
πΉ SentinelOne
- Agent Installed
- Antivirus Agent Outdated
- Device Infected
- Disk Encryption
- Operating System
Monitoring & Reporting
Once deployed, each user device is evaluated at sign-ins. Failing devices are blocked or prompted with additional authentication steps depending on policies.
Logs and evaluation results are available under: Insights β Device Posture Reports
The device posture reports include:
- Summary of pass/fail rates
- Devices with repeated posture failures
- Top failing attributes
- Policy-level compliance trends
Updated
Comments
0 comments
Please sign in to leave a comment.