Pillar three
Posture, policy, and the access decision are not events at login. They are a loop that runs while a session is alive and adjusts in seconds when anything material changes.
Authentication answers who. Verification answers whether you should still be here.
In depth
The agent reports posture continuously. The platform scores it, runs the policy engine on the resulting context, and adjusts the access decision without waiting for the next login.
Firewall, disk encryption, screen lock, antivirus, OS version, and integrity attestation are reported on a rolling interval.
A composite score computed from posture inputs drives the access decision. Scoring rules are configurable per tenant.
A drop in posture mid-session adjusts the access decision in seconds, with the change recorded in the audit log.
Decisions can include time of day, IP range, geographic location, recency of MFA, and any directory attribute.
Policies are signed at issuance. The agent verifies the signature before honouring the policy.
Tenants do not see or affect each other's policy. The boundary is enforced at the data layer.
Policies can target a specific device, a class of devices, or all devices for a user. Decisions are recorded with the matched scope.
Devices fetch and verify the current policy on a short interval, with a server-pushed update when policy changes mid-window.
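The loop described above (posture reports scored, the decision re-evaluated mid-session, and a policy honoured only after its signature verifies), sketched as an added example that is not the platform's own code. The weights, thresholds, the `step_up` outcome, all function names and the key are assumptions, and HMAC stands in for whatever signature scheme the platform actually uses.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC is a stand-in here: a real agent would verify an
# asymmetric signature so that it never holds the signing key.
TENANT_KEY = b"constructed-demo-key"

def sign_policy(policy, key):
    body = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_policy(policy, sig, key):
    return hmac.compare_digest(sign_policy(policy, key), sig)

def posture_score(posture, weights):
    # A check that is missing from the report counts as failing.
    return sum(w for check, w in weights.items() if posture.get(check) is True)

def decide(posture, policy, sig, key=TENANT_KEY):
    if not verify_policy(policy, sig, key):
        return "deny"  # fail closed: never honour an unverified policy
    score = posture_score(posture, policy["weights"])
    if score >= policy["allow_at"]:
        return "allow"
    return "step_up" if score >= policy["step_up_at"] else "deny"

def run_session(reports, policy, sig):
    # Re-evaluate on every posture report; audit only when the decision changes.
    audit, current = [], None
    for t, posture in reports:
        decision = decide(posture, policy, sig)
        if decision != current:
            audit.append((t, current, decision))
            current = decision
    return audit

# Constructed policy and posture reports (seconds since session start).
POLICY = {"tenant": "tenant-a", "allow_at": 90, "step_up_at": 60,
          "weights": {"firewall": 20, "disk_encryption": 30, "screen_lock": 10,
                      "antivirus": 20, "os_current": 20}}
POLICY_SIG = sign_policy(POLICY, TENANT_KEY)
HEALTHY = dict.fromkeys(POLICY["weights"], True)
REPORTS = [(0, HEALTHY), (30, HEALTHY),
           (60, {**HEALTHY, "firewall": False}),
           (90, {**HEALTHY, "firewall": False, "disk_encryption": False})]

if __name__ == "__main__":
    for entry in run_session(REPORTS, POLICY, POLICY_SIG):
        print(entry)
```

A policy whose thresholds were altered after signing fails verification, so `decide` denies instead of applying the weakened rules.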