Configuring Device Posture Profile in Zscaler Private Access (ZPA)

Overview

Device posture profiles in ZPA help ensure that only compliant devices can access internal applications. A posture profile evaluates device attributes such as OS version, security software status, disk encryption, or custom checks before granting access. This article explains how to configure a posture profile in the ZPA Admin Portal.

To learn more about device posture profiles, see Device Posture.

Follow the steps below to configure a device posture profile.

Step 1: Add Device Posture Checks

  1. Click Add Device Posture to define posture checks.
  2. Choose the platform (Windows, macOS, Linux, Android, iOS).
  3. Choose a Posture Type from the available options. A few examples:
    • OS Version: Ensure devices run on approved operating systems or minimum patch levels.
    • Firewall: Validate that a firewall is enabled.
    • Disk Encryption: Require that BitLocker, FileVault, or another disk encryption product is enabled.
    • Antivirus/EDR: Check for the presence and active status of supported security software.
    • Certificate: Verify the device certificate for corporate-managed devices.
    • Custom Checks: Use registry paths, processes, or scripts for specialized requirements.

  4. Configure rule parameters (e.g., minimum OS version, encryption type).
  5. Save the rule.
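
Before the posture checks from Step 1 are enforced, it helps to know which Windows endpoints would fail them. The script below is an added example, not Zscaler code and not part of the original article: it reads local Windows settings for each posture type listed above and does not query Zscaler Client Connector, so treat the results as an approximation of what the posture check will report. The minimum OS version, the issuer name, and the use of Microsoft Defender as the antivirus product are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of local Windows settings; it does not query
# Zscaler Client Connector or ZPA. Parameter defaults are constructed samples.
param(
    [version]$MinOsVersion = '10.0.19045',              # sample minimum OS version
    [string]$IssuerMatch   = 'Example Corp Issuing CA'  # placeholder CA name
)

# Each entry maps a posture type from Step 1 to a local test returning $true/$false.
$checks = [ordered]@{
    'OS Version'      = { [System.Environment]::OSVersion.Version -ge $MinOsVersion }
    'Firewall'        = {
        # Pass only if every profile (Domain, Private, Public) is enabled.
        -not (Get-NetFirewallProfile -ErrorAction Stop |
              Where-Object { $_.Enabled -ne 'True' })
    }
    'Disk Encryption' = {
        (Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop).ProtectionStatus -eq 'On'
    }
    'Antivirus/EDR'   = {
        # Assumption: Microsoft Defender is the endpoint's antivirus product.
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
    }
    'Certificate'     = {
        # Unexpired machine certificate with a private key from the placeholder issuer.
        [bool](Get-ChildItem Cert:\LocalMachine\My |
               Where-Object { $_.Issuer -like "*$IssuerMatch*" -and
                              $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) })
    }
}

$report = foreach ($name in $checks.Keys) {
    try   { $ok = [bool](& $checks[$name]); $detail = '' }
    catch { $ok = $false; $detail = $_.Exception.Message }   # unreadable counts as failed
    [pscustomobject]@{ Check = $name; Pass = $ok; Detail = $detail }
}

$report | Format-Table -AutoSize
if ($report.Pass -contains $false) { exit 1 }   # non-zero exit for fleet tooling
```

A check that cannot be read is reported as failed, so a missing module or insufficient rights shows up in the Detail column instead of passing silently.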

Step 2: Configure an access policy and enforce the ZCC posture profile

Access policy rules enable you to implement role-based access controls. You can configure an access policy that checks for posture verification and blocks the service if the verification fails. To configure it, follow the steps below:

  • Go to Policy → Access Policies.
  • Add an access policy.
  • Under Conditions, add the newly created Posture Profile and configure the values as shown in the screenshot below.
  • Save and activate the policy.

Conclusion

When the user is denied access based on the configured device posture profile, the message configured in the access policy is displayed.