Trusted identity. Trusted device.
Phishing-resistant authentication proves who is signing in. Device trust proves the machine they're on meets your security standards — without managing, monitoring, or controlling it.
For when you also need to verify the device
A user with a valid passkey signing in from a laptop with no disk encryption, no firewall, and an outdated OS is a verified identity on a compromised device. You need both.
Identity verified
Passkeys prove who the person is. Biometric verification on a hardware-bound credential. Phishing resistant. Replay resistant.
Device unknown
Is the disk encrypted? Is the firewall on? Is the OS patched? Without device trust, you're authorizing access blind.
Both verified
Device trust closes the gap. The right person, on a compliant device, accessing the right application. That's zero trust.
Four signals. One compliance decision.
The Trustaige agent runs on macOS, Windows, and Linux. It checks four security signals and reports a pass or fail to the server. That's all it does.
Disk Encryption
FileVault on macOS. BitLocker on Windows. LUKS on Linux. If the disk isn't encrypted, a stolen laptop means exposed data.
Firewall
macOS Application Firewall. Windows Defender Firewall. UFW or firewalld on Linux. A device without a firewall is open to network-level attacks.
Screen Lock
An unlocked, unattended laptop is an open door. Screen lock verification ensures the device locks automatically when left idle.
OS Version
Unpatched operating systems carry known vulnerabilities. OS version checks ensure devices are running supported, patched software.
Compliance is enforced at authentication
Device trust isn't a dashboard you check manually. It's enforced every time a user authenticates to a protected application. Non-compliant device? Access denied.
User signs in
Passkey verified
Device checked
Posture evaluated
Access granted
Or denied
Per-application policies
Require device trust for your most sensitive applications — admin panels, financial systems, source code repositories — while leaving lower-risk apps unrestricted.
Continuous compliance
The agent reports posture at regular intervals. If a device falls out of compliance between authentications, the next sign-in is blocked until the issue is resolved.
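The enforcement flow above, written as a server-side decision function. This is an added example, not Trustaige's code; the application names, field names and the 15-minute report freshness window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# The four signals the page lists; the field names are assumptions.
SIGNALS = ("disk_encryption", "firewall", "screen_lock", "os_supported")
MAX_REPORT_AGE = timedelta(minutes=15)  # assumed freshness window, not from the page
# Constructed per-application policy: True means the app requires device trust.
APP_REQUIRES_DEVICE_TRUST = {"admin-panel": True, "source-repo": True, "lunch-menu": False}

@dataclass(frozen=True)
class PostureReport:
    device_id: str
    reported_at: datetime
    disk_encryption: bool
    firewall: bool
    screen_lock: bool
    os_supported: bool

def evaluate(passkey_verified: bool, app: str,
             report: Optional[PostureReport], now: datetime):
    """Return (allowed, reasons). Fails closed on unknown apps and on
    missing, stale or future-dated posture reports."""
    if not passkey_verified:
        return False, ["passkey not verified"]
    if app not in APP_REQUIRES_DEVICE_TRUST:
        return False, ["unknown application"]
    if not APP_REQUIRES_DEVICE_TRUST[app]:
        return True, []  # lower-risk app: identity alone is enough
    if report is None:
        return False, ["no posture report for device"]
    age = now - report.reported_at
    if age < timedelta(0) or age > MAX_REPORT_AGE:
        return False, ["posture report is stale"]
    # Any signal that is not exactly True counts as a failure.
    failed = [s for s in SIGNALS if getattr(report, s) is not True]
    return (not failed), [f"{s} check failed" for s in failed]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed report: the firewall was turned off after the last sign-in.
    drifted = PostureReport("dev-1", now - timedelta(minutes=2), True, False, True, True)
    print(evaluate(True, "admin-panel", drifted, now))
    print(evaluate(True, "lunch-menu", None, now))
```

Treating a missing or old report as a failure keeps a silenced or uninstalled agent from being read as a compliant device.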
Device posture, not device data
Traditional device management (MDM) gives your IT team the ability to remotely wipe devices, read installed apps, track location, and control features. The Trustaige agent does none of that.
What the agent checks
- Disk encryption enabled
- Firewall active
- Screen lock configured
- OS version supported
What the agent never does
- Remotely wipe or lock your device
- Read files, emails, or messages
- List installed applications
- Track location
- Install profiles or certificates
- Control device features or settings
Transparency by design
The agent shows a menu bar icon with a "What We Collect" disclosure that lists every signal it reports. Users can see their compliance status in real time. The agent can be uninstalled at any time — it's consent-based, not forced.
Cross-platform
The Trustaige agent runs on macOS, Windows, and Linux. On macOS it includes a native menu bar interface. On all platforms, it collects the same four signals and reports to the same server.
macOS
Native menu bar app. FileVault, Application Firewall, screen lock, and OS version. Universal binary for Intel and Apple Silicon.
Windows
Background service. BitLocker, Windows Defender Firewall, screen lock, and OS version.
Linux
Headless daemon. LUKS disk encryption, UFW/firewalld, screen lock, and OS version.
Device trust applies to desktop and laptop devices where sensitive work happens — the machines with access to admin panels, code repositories, and financial systems. Mobile devices authenticate via the browser without requiring an agent.
Built for organizations that care about privacy
BYOD environments
Employees won't accept MDM on personal devices. The Trustaige agent checks security posture without managing or surveilling the device. Users install it voluntarily and can remove it anytime.
Contractor and vendor access
You can't install MDM on devices you don't own. But you can require that contractors' laptops meet your security baseline before they access your systems.
Privacy-regulated industries
GDPR, CCPA, and sector-specific regulations require data minimization. The agent collects only four boolean signals — the minimum needed to verify device security hygiene.
Remote and distributed teams
Remote employees work from home networks, co-working spaces, and airports. Device trust ensures every laptop meets your security baseline regardless of where — or how — the team works.
Verify the person and the device
Combine phishing-resistant authentication with privacy-first device trust. No passwords. No surveillance. No compromise.