Ensure Endpoint
WINDOWS 365 EXTERNAL ACCESS

Extend Windows 365 to contractors. No MDM enrollment.

Check the device. Hand them a Cloud PC. Same Conditional Access policy. No Intune on the contractor's machine.

Book a demoSee the M365 integration
Works with Entra Conditional AccessNo MDMWindows 365 compatible

Key facts

  • PosturePass adds a device-trust layer to Microsoft Entra Conditional Access so contractors can sign in to Windows 365 Cloud PC from unmanaged devices.
  • No MDM or Intune enrollment is required on the contractor's physical device. No agent runs inside the Cloud PC.
  • The same Conditional Access policy you use for employees evaluates the PosturePass compliance signal alongside identity, MFA, and location.
  • PosturePass is a security layer for Windows 365, not a replacement for it. Windows 365 still provides the Cloud PC.
  • The agent verifies disk encryption, antivirus, firewall, OS version, and screen lock on Windows and macOS.
  • Contractors self-install the agent in minutes; access decisions take effect on the next sign-in.

Where Windows 365 stalls for external users

Employee rollout is straightforward through Intune. Contractors, vendors, and partners are where most Windows 365 deployments get stuck.

Keep legacy VDI alongside Windows 365

You run two stacks for the same users. Operations get messier, not cleaner.

Offer web-only access to external users

Contractors get a reduced experience instead of a full Cloud PC.

Skip device verification

Identity alone leaves a gap. You can't see the state of the device.

Verify the device before Windows 365 access

PosturePass adds a device-trust layer to your Conditional Access policy. Same Cloud PC. No MDM on the contractor's device.

How PosturePass works with Windows 365

A device-trust layer for Conditional Access. No MDM on the contractor's device. No agent on the Cloud PC.

PosturePass checks the contractor's device

A light agent verifies encryption, patch level, and core security controls on the endpoint.

Result goes to Entra Conditional Access

PosturePass reports compliance, the same way Intune supplies posture for managed devices.

Policy grants or blocks the Cloud PC

Your Conditional Access policy uses the signal to decide who reaches Windows 365.

See the full walkthrough

A SECURITY LAYER, NOT A REPLACEMENT

PosturePass verifies the device opening the Cloud PC.

Conditional Access verifies identity. PosturePass adds device posture for the unmanaged machines the contractor actually uses.

The full verification flow

How the agent checks the device, reports to Conditional Access, and fits your existing policies.

How it works

Want to learn more?

Book a 30-minute demo with our team.

Book a demoHow it works