Device Classification

Device Classification

Device enforcement enables you to restrict access to cloud apps from corporate devices. A corporate device can be identified by monitoring these factors based the OS used on the device:

  • Windows: Encryption Status, Registry Settings, Process, File, Active Directory Domain, and Certificates
  • Mac: Encryption Status, Process, File, Active Directory Domain, and Certificates
  • iOS: Certificate (with MDM)
  • Android: OS Version, Required Passcode, Device Not Compromised, Primary Storage Encryption, and Managed Configuration (with MDM)
  • Chrome: Device Not Compromised, Primary Storage Encryption.
  • Linux: Encryption, Process, File, and Active Directory Domain.

Devices that match/pass these classification checks are considered managed. You can create policies to block, alert, or bypass managed or unmanaged devices using these classifications. Devices that adhere to these checks are considered corporate devices with privileged access.


In multi-user environments, most Device Classification checks are device (host) wide.  Certificate-based checks are per user or guest.

To open the Device Classification page, go to Settings > Manage > Device Classification.


This page shows the name, OS, and last modification date of existing device classifications. To begin, click New Device Classification and select an OS type.


Proceed to the section below for the OS type you selected.

Share this Doc
In this topic ...