Define device risk tags

Device risk tags let you create custom rules that assess device risk independently of tiers. In addition to configuring Device Posture risk tiers, you can optionally configure risk tags that assess the risk of devices accessing your applications based on specific criteria and rules.

Risk tags may be used as a way of controlling application access or for monitoring your device population independent of application access. Each device may be classified into zero, one or more risk tags. You can use risk tags alone or together with risk tiers when configuring application access control rules.

When you add multiple criteria to a rule, they are evaluated with the AND logic operator. If a device meets all the criteria, it satisfies the rule.

When you add multiple rules to a tag, they are evaluated with the OR logic operator. If a device meets any of the rules, it is classified as part of the tag.

Note: You may configure up to ten tags. Attempting to configure more than ten tags results in an error.

For example, imagine that you want to configure a tag to classify desktop devices that have a healthy running EAA Client, and are running the latest or up-to-date EAA Client versions. Criteria are evaluated with the AND operator, so a device needs to meet all the criteria to belong to the tag. Refer to the figure, Add multiple criteria.

Next, you create another rule to classify mobile devices that have a healthy running EAA Client, and are running the latest or custom EAA Client versions. Since multiple rules are evaluated with the OR operator, a device needs to meet at least one of the existing rules to belong to the tag. Refer to the figure, Add multiple rules.
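The AND/OR evaluation of the two rules above, modeled in Python as an added example; it is not Akamai code and does not call any EAA API. The record layout and dictionary keys are hypothetical, and it assumes that a criterion with several selected values matches when the device reports any one of them.

```python
from dataclasses import dataclass

DESKTOP_OS = {"macOS", "Windows"}
MOBILE_OS = {"Android", "iOS"}
MAX_TAGS = 10  # limit stated on this page

@dataclass
class Rule:
    os: frozenset    # operating systems the rule applies to
    criteria: dict   # signal name -> set of accepted values

    def __post_init__(self):
        # A rule may target desktop or mobile operating systems, not both.
        if not self.os or not (self.os <= DESKTOP_OS or self.os <= MOBILE_OS):
            raise ValueError("select either desktop or mobile operating systems")

    def matches(self, device):
        # AND across criteria; a signal the device did not report fails (assumption).
        return device["os"] in self.os and all(
            device.get(signal) in accepted for signal, accepted in self.criteria.items())

def in_tag(rules, device):
    # OR across the rules of one tag.
    return any(rule.matches(device) for rule in rules)

def classify(tags, device):
    # Returns the tags a device belongs to: zero, one or more.
    if len(tags) > MAX_TAGS:
        raise ValueError("no more than ten tags may be configured")
    return sorted(name for name, rules in tags.items() if in_tag(rules, device))

# The desktop rule and the mobile rule from the example above.
TAGS = {"EAA Client Status": [
    Rule(frozenset({"macOS", "Windows"}), {
        "EAA Client Status": {"Healthy"},
        "EAA Client Version": {"Latest", "Up to date"}}),
    Rule(frozenset({"Android", "iOS"}), {
        "EAA Client Status": {"Healthy"},
        "Mobile EAA Client Version": {"Latest", "Custom"}}),
]}

# Constructed inventory; "other" stands in for any value the rule does not accept.
DEVICES = [
    {"id": "d1", "os": "Windows", "EAA Client Status": "Healthy", "EAA Client Version": "Latest"},
    {"id": "d2", "os": "macOS", "EAA Client Status": "Healthy", "EAA Client Version": "other"},
    {"id": "d3", "os": "iOS", "EAA Client Status": "Healthy", "Mobile EAA Client Version": "Custom"},
    {"id": "d4", "os": "Android", "EAA Client Status": "other", "Mobile EAA Client Version": "Latest"},
]
if __name__ == "__main__":
    for d in DEVICES:
        print(d["id"], d["os"], classify(TAGS, d))
```

Devices d2 and d4 each fail one criterion of the only rule that covers their operating system, so neither rule admits them and they stay outside the tag.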

  1. In the Enterprise Center navigation menu, select Application Access > Device Posture > Tags.

  2. To add a new tag, click Add Tag (+).

  3. Enter a unique name in Tag name. For example, enter EAA Client Status.

  4. In OS, select the operating system for the criteria. For desktop devices, select macOS and Windows.

  5. In Criteria, select EAA Client Status. Next, select Healthy, which is the single allowed value for this criterion.

  6. Click Add Criterion (+).

  7. In Criteria, select EAA Client Version. Next, select values, for example, Latest and Up to date versions.
    The new tag rule now contains two criteria that a device must meet to belong to the tag. To add multiple criteria, select all the required values.

[Figure: Add multiple criteria]

  8. Now, you can add a new rule to the tag. Click Add Rule (+).

  9. In OS, select the operating systems for which you are setting the rule. Select Android and iOS.
    When you select one operating system, for example Android, the OS options for desktop devices become inactive.

    Note: Since Device Posture collects different signal types from desktop and mobile devices, you may select either a desktop or mobile operating system but not both.

  10. In Criteria, select EAA Client Status. Next, select Healthy, which is the single allowed value for this criterion.

  11. Click Add Criterion (+).

  12. In Criteria, select Mobile EAA Client Version. Next, select values, for example, Latest and Custom versions.
    You can click Delete Criterion (-) to remove unnecessary conditions.
    Click Delete Criteria Rule to remove the entire rule.
    To add multiple rules, select all the required values.

[Figure: Add multiple rules]

  13. Click Save Rules.
    The Save Device Posture Rule dialog appears, displaying the number of devices that would be classified into the tag with the new configuration. Device Posture also calculates the change in the number of devices from the current configuration and displays this value in parentheses. This lets you preview the impact of your changes before saving them and making them active.

  14. Click Save Rule to save the tag to your configuration or Cancel to discard the changes.

Next steps:

  • Use the configured risk tags to set up application access controls. See EAA access control rules.

  • Monitor your device inventory using the Device Posture dashboard. On the dashboard, you can check all configured tags and verify how many devices meet their criteria. See Device Posture dashboard.

If you need more details, hover over and click a selected tag. For example, you can click the EAA Client Status tag on the tags chart. This redirects you to the Device Posture inventory report filtered to show only the devices that belong to the selected tag. See Create an inventory report.