IronWiFi
Device Trust is coming soon — request early access to be notified when it ships. Get early access →
Device Trust Hero
Coming Soon

Only Compliant Devices Will Get on Your Network

Device Trust will check device posture in real time before granting WiFi access. Non-compliant devices will be quarantined automatically — no exceptions, no manual review.

Get Early Access Talk to Sales
Trusted by 1,000+ organizations in 108 countries
★★★★★ 4.8 G2 (127)

Device Trust is an upcoming IronWiFi capability that will verify endpoint compliance — including encryption status, OS version, and antivirus presence — before granting WiFi network access. Once shipped, IronWiFi will check device posture in real time during RADIUS authentication and automatically quarantine non-compliant devices into restricted VLANs without manual IT intervention or additional endpoint agents.

Enforce Device Compliance at the WiFi Layer

Six capabilities planned for launch — designed to keep untrusted endpoints off your network

Real-Time Posture Checks

Will verify device encryption, OS version, and antivirus status on every connection. Posture will be evaluated at authentication time — not just once at enrollment.

MDM Integration

Will pull compliance data live from Intune, Jamf, and Workspace ONE at launch. Access decisions will reflect your MDM's real-time view of each device's security posture.

Quarantine VLAN

Non-compliant devices will be automatically routed to a remediation network with restricted access. Users will see instructions to fix issues — no IT ticket required.

MFA Step-Up

Will trigger multi-factor authentication via Okta, Microsoft Entra ID, or Duo for sensitive networks. Unmanaged devices or high-security VLANs will require an additional verification step.

Compliance Dashboard

A real-time view of fleet compliance status with drill-down by device, OS, or department. You'll see which devices are compliant, which are quarantined, and why.

Remediation Workflows

Will guide users to fix compliance issues before granting full access. Quarantined devices will see step-by-step instructions specific to their failure reason.

How Device Trust Will Work

Once shipped, every connection will be evaluated against your security policy in real time

What We'll Check

  • Disk encryption enabled (BitLocker, FileVault, LUKS)
  • OS patch level meets minimum version
  • Antivirus / EDR agent running and up to date
  • Jailbreak and root detection
  • MDM enrollment status confirmed

What Will Happen Next

  • Compliant — Full network access will be granted
  • Partially compliant — Limited VLAN + notification to remediate
  • Non-compliant — Quarantine VLAN + remediation instructions

Zero Trust Will Start at the WiFi Layer

If you can't trust the device, you can't trust the connection. Device Trust will ensure every endpoint — including AI agents operating as machine identities — meets your security bar before it touches your network.

Frequently Asked Questions

When will Device Trust be available?

Device Trust is currently in development and not yet generally available. Customers who request early access will be notified when the feature enters preview and again at general availability. Get on the early-access list →

What is device trust?

Device trust will verify that every device connecting to your WiFi meets your organization's security requirements — encryption enabled, OS patched, antivirus running — before granting network access.

Which MDM platforms will you integrate with?

When launched, we'll support Microsoft Intune, Jamf Pro, and VMware Workspace ONE. We'll pull real-time compliance data directly from your MDM to make access decisions.

What will happen to non-compliant devices?

Non-compliant devices will be automatically quarantined to a remediation VLAN with limited internet access and instructions on how to become compliant. No manual intervention needed.

How quickly will quarantine take effect when a device becomes non-compliant?

Compliance changes from your MDM will be reflected in IronWiFi within minutes. The new VLAN assignment, however, takes effect at the device's next 802.1X re-authentication, which depends on your NAS session-timeout setting (often hours by default). For instant enforcement on a posture flip, IronWiFi's roadmap includes RADIUS CoA-Disconnect support that will force an immediate re-auth so the quarantine VLAN takes effect within seconds. CoA support varies by NAS vendor and will be configurable per-gateway.

How will MFA step-up work?

When a user connects from an unmanaged device or accesses a sensitive VLAN, IronWiFi will trigger an MFA challenge via your existing provider (Okta, Microsoft Entra ID, Duo). The MFA result will be cached to avoid repeated prompts on reconnection.

Get Early Access to Device Trust

  • Be first to try Device Trust when it ships
  • Share your MDM and posture requirements with our product team
  • 30-minute call — no pitch deck
Get Early Access Pick a Time →

In development — join the waitlist to be notified at launch