Device Security Posture Checks

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

Device Security allows you to define trusted devices and incorporate those definitions into Security Policies for your Network or for individual Resources. As part of this, the Twingate desktop and client applications perform device posture checks to enforce basic trust definitions.

The settings that are supported by Device Security are specific to each platform.

Windows

Posture check	What it reports
Hard drive encryption	If the system disk and other disks are encrypted by BitLocker
Screen lock	If a password is required when returning from screen saver via WinAPI function LogonUser
Firewall	If the firewall (Windows or third party) is enabled, as confirmed by the Windows Security Center
Antivirus	If antivirus (Windows or third party) is installed, as confirmed by the Windows Security Center
Minimum OS version	If the OS version meets set requirement Available for Windows 10, 11, and Windows Server 2022

macOS

Posture check	What it reports
Screen lock	If a password is required after sleep or screen saver begins
Biometric configuration	If either Touch ID or Face ID is configured Note: If the device lid is closed (clamshell mode), the device will always report that biometric configuration is disabled regardless of true configuration status
Firewall	If the firewall (native only) is enabled Note: Currently, if the device has “Block all incoming connections” enabled, the device reports that firewall is disabled. (Available only in the macOS standalone Client)
HD Encryption	If FileVault is on (Available only in the macOS standalone Client)
Minimum OS version	If the OS version meets set requirement Available for macOS 12-15

Linux

Posture check	What it reports
Firewall	If UFW, firewalld, or iptables firewalls are enabled (valid on Debian / Ubuntu, Centos / Fedora, and Arch Linux)
Hard drive encryption	If all partitions except /boot are encrypted (LUKS encryption) via the libcryptsetup library

iOS

Posture check	What it reports
Screen lock	If a password is required on the device
Biometric configuration	If either Touch ID or Face ID is configured
Minimum OS version	If the OS version meets set requirement Available for iOS 15-18

Android

Posture check	What it reports
Screen lock	If a screen lock is configured, regardless of type
Biometric configuration	If a biometric login has been configured (either fingerprint or facial recognition)
Hard drive encryption	If the hard drive is encrypted using File-Based Encryption

Last updated 16 days ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Usage-based Auto-lock

Ephemeral Access

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription