ENDPOINT VERIFICATION

Endpoint verification, without MDM enrollment.

PosturePass checks the device at sign-in, sends the result to Entra Conditional Access, and writes an audit-ready record. Works for unmanaged contractor, partner, and BYOD devices.

See it live Run your numbers

No MDMEntra & OktaWindows & macOS

What endpoint verification does

Three jobs. One check at sign-in.

Reads device posture

A background agent inspects the controls that matter. No admin rights, no remote management.

Feeds the access decision

PosturePass posts a compliance signal to Entra Conditional Access. Your policies grant or block.

Writes audit-ready evidence

Every check produces a timestamped record. Export for ISO 27001, NYDFS, FINRA, and more.

How the verification check runs

Five steps. No change to sign-in.

Endpoint Verification Flow

Broker Device

Personal laptop

PosturePass Check

Posture verified

Identity Provider

Okta / Entra ID

Protected App

Access granted

device-posture-signal → IdP conditional access

Broker Device

Personal laptop

PosturePass Check

Posture verified

Identity Provider

Okta / Entra ID

Protected App

Access granted

posture signal → IdP

What gets verified on each device

The controls auditors expect, checked at every sign-in.

Disk encryption

BitLocker on Windows, FileVault on macOS.

Antivirus & firewall

Active AV product and host firewall enabled.

OS version

Supported, patched Windows or macOS build.

Screen lock

Auto-lock policy in force after inactivity.

Unauthorized RAS tools

TeamViewer, AnyDesk, RustDesk, and 18 others.

See the full list of unauthorized remote access tools PosturePass detects.

How the result reaches Entra Conditional Access

PosturePass writes a compliance attribute on the user object after every check. Entra Conditional Access reads that attribute alongside identity, MFA, and location when making the access decision.

Failed devices receive guided fix steps. Most issues resolve in minutes without a help-desk ticket. The retry then re-runs verification and updates the attribute.

See the full flow on the M365 contractor access page.

Every check creates audit-ready evidence

Exportable records for ISO 27001, NYDFS, FINRA, and more.

Sample verification log

audit-log, live

2025-01-15 09:14:22MBP-7842[email protected]

pass

macOS 14.2FileVault: On

2025-01-15 09:16:08WIN-3391[email protected]

fail

Win 11 22H2BitLocker: Off

2025-01-15 09:18:45WIN-3391[email protected]

remediated

Win 11 22H2BitLocker: On

Frequently Asked Questions

Still have questions?

Talk to our team about your specific compliance or distribution requirements.

See it live

See endpoint verification live

Sign-in, device check, remediation, and a sample audit log. 15 minutes. No slides.

See it live See how it works