Verify independent agent devices without MDM.
PosturePass checks every agent login and produces NYDFS-ready evidence. Agents self-install on Windows or macOS.
What PosturePass makes possible
What one PosturePass check covers
Most agents work from BYOD devices accessing Microsoft 365 without MDM. PosturePass verifies posture at sign-in.
100%
of agent logins verified
Verify the device, not the attestation
PosturePass checks encryption, patches, firewall and screen lock at every agent login. Identity alone is no longer the only gate.
1-click
NYDFS evidence export
Produce audit evidence on demand
Every check writes a timestamped record. Export the device-control evidence examiners ask for, without chasing thousands of agents.
< 5 min
average agent setup
Onboard agents without MDM
Agents install a lightweight check on their own device. Most self-remediate failed checks without a help-desk ticket.
Your situation
Common starting points
Compliance Officer
I need defensible evidence for the next NYDFS exam
Replace annual paper attestations with continuous verification. Every login produces the device-control evidence Part 500 expects.
See the audit evidenceCISO / Security Architect
I need to verify devices I do not manage
Independent agents touch nonpublic information from devices outside your control. PosturePass plugs into Entra Conditional Access.
See the architectureDistribution Leader
I need to onboard agents without slowing distribution
Self-enrollment removes the IT provisioning bottleneck. Agents stay productive on their own device, on Windows or macOS.
See the workflowIn production since 2019
How a national carrier verifies 8,000+ broker devices without MDM.
Continuous device verification, exportable evidence, no agent on the carrier's side. The same architecture that satisfies a state insurance examiner.
Read the case study7+ years
in continuous production at U.S. carriers
8,000+
third-party devices verified per deployment
Three steps
How PosturePass verifies an agent device at login.
The agent signs in as they do today. PosturePass runs the check, posts the result to your access policy, and writes a tamper-evident record.
Agent signs in to the carrier portal
Two lines of code on your portal trigger PosturePass on sign-in. No corporate enrollment, no new identity.
Device posture is verified in seconds
Encryption, antivirus, firewall, OS patch level and screen lock. Failed checks get guided steps before access is granted.
NYDFS evidence is logged automatically
Every check produces a timestamped record: agent, device, controls, result, remediation. Export anytime for examiners.
Regulatory mapping
NYDFS Part 500: where PosturePass fits.
Examiners ask how you enforce controls and what evidence you can produce. PosturePass covers the device-facing sections directly.
| Section | Requirement | What PosturePass documents |
|---|---|---|
| §500.7 | Access privileges | Device posture is verified at every login. Access denied if the device fails policy. |
| §500.11 | Third-party security policy | Your policy is enforced at every login. Evidence is created automatically. |
| §500.12 | Multi-factor authentication | Device posture is layered with your existing MFA through Conditional Access. |
| §500.13 | Asset inventory | Every verified agent device is recorded in an exportable inventory. |
| §500.17 | Annual attestation | Reports back your attestation across policy, enforcement, inventory and monitoring. |