• Microsoft & deviceTRUST – 100% Context, 0% complex. More information
  • Our latest service pack release 21.1 SP 2 for Microsoft Windows is now available. More information
  • Learn how Microsoft AppLocker can be managed very easily with deviceTRUST. More information
  • Do you already know our new Use Case Video Geolocation. More information

Digital workspaces can only be secure with the complete set of contextual information

With users working from any device and any location, a secure workspace is only possible by bringing together and keeping up-to-date all the contextual information


With our Active Directory integration, we can get all the properties you require to describe your users – Names, Groups, Descriptions – any field, any information – and add them to your context.

Compliance State

deviceTRUST makes it possible to define the compliance state of the device using various properties. These include, for example, the status of the antivirus and firewall security programs used, as well as the update status of the operating system.

Endpoint State

Information about the user’s device is key to our approach. deviceTRUST can evaluate up to 400 different properties from your devices. Whatever information you need to know about your users and devices, we are sure we can provide.


deviceTRUST gives deep insight into the device’s network connection. A device might have to be treated differently depending upon whether it is connected to your internal or an external, untrusted network, or even on its Wi-Fi state.


With deviceTRUST the location of the user’s device can be determined. This starts with the country of origin and can, if required, go as far as the street and house number.

Additional Sources

deviceTRUST provides a multi-functional scripting engine. Use PowerShell, VBScript or Batch scripts to get data from sources such as text files or databases.

Secure digital workspaces require real-time control with a rich set of actions

A powerful set of real-time actions ensures that the digital workspace is always secure


Conditional Access+

Our most straight forward approach to controlling access to your digital workspaces. Allow access if all criteria are met, deny access if any are not. deviceTRUST uses OS native mechanisms to control access in a secure and reliable way.


Conditional Application Access

With Conditional Application Access you can define the applications users can access inside their digital workspaces. Utilizing tools like the Windows Defender Firewall, Microsoft AppLocker or FSLogix App Masking, deviceTRUST can grant or deny access to any application, dynamically and customized to your unique business requirements.


Conditional Configuration

Conditional Configuration allows you to configure the user’s digital workspace beyond the standard security approach. With deviceTRUST you can manage network drives, printers, remoting and local policies. We also offer a scripting interface for your individual configuration and support supplying data to 3rd party products.

Secure, future-proof digital workspaces

By bringing together the rich set of contextual information with a powerful set of real-time actions, smart decisions can be made to secure the digital workspace

Keep your existing user authentication

deviceTRUST does not alter your existing authentication methods. All Context information is gathered and all actions are executed after the user logged in. This way we add the power of the Context to your existing, role based concept.

Works without endpoint management

deviceTRUST does not require any endpoint management features at all. We do however support installing our software via your endpoint management system. deviceTRUST is simple, consistent and fully independent.

Software only - No additional infrastructure required

deviceTRUST is and will always be a software only product. There is no need for any additional infrastructure or changes to your existing IT landscape. Install the software, configure your Contexts and Actions and you’re good to go! To reach this goal, we integrate into existing management tools and communicate via existing protocols.

Independent from role-based access concepts

You might already have your role-based access solution in place. That’s fine – we’re not going to tamper with it! deviceTRUST extends your existing solutions, adds the power of the Context and supports you with an enhanced and more granular way of controlling access.

Use of existing access technologies

All communication between the deviceTRUST components happens inside your existing environment. There is no need for additional gateways, open ports or firewall adjustments. This way, we adapt to your environment easily and are prepared for any migration plans you might have.

On-Premises, Cloud or Hybrid Environments

With our protocol and infrastructure independent approach, we make sure to support all your environments. No matter if you choose on-premise, cloud or hybrid environments or want to migrate between the scenarios. deviceTRUST will follow your choice without requiring any additional configuration.

Deployment Scenarios

deviceTRUST supports a wide range of digital workplace technologies.
Whether on the local end device, in remote environments or in the cloud -
the required contextual information and actions are always available in real time.



Using deviceTRUST on local end devices such as notebooks or PCs allows you to run contextual information and actions on the same end device. This way, you can provide your users a secure, compliant digital workplace by using local Windows computers.


Remoting / DaaS

In remote scenarios, deviceTRUST receives contextual information from the user's endpoint device - BYOD or enterprise managed. Use the information to control the content of the remote session to meet your regulatory and compliance requirements.



When accessing cloud apps controlled via the Microsoft Azure Active Directory (AAD), deviceTRUST provides detailed context information for access control. Both the compliance status of the device and the more granular "Extension Attributes" can be used.

Manage and apply contextual security policies

deviceTRUST is strictly “software only”. Our whole solution consists of three software components with no requirements for databases, firewalls or any other added infrastructure

deviceTRUST Console


The deviceTRUST Console is where you create your configurations to define your contexts and actions and additional settings.

  • Create separate configurations tailored to each environment
  • Save the configuration data to either the local computer policy, one or more GPO’s, or configuration files on disk
  • Use our built-in templates as a quick start for your configs or to explore additional use cases
deviceTRUST Agent


Fat clients or remote platforms utilize the deviceTRUST Agent to execute actions. The agent is installed on any machine you want to manage user sessions. It receives it’s configuration from the deviceTRUST Console and can report to several targets, depending on your needs.

  • The active deviceTRUST component that executes all actions
  • Installed on your remoting platform or on fat clients
  • Configured via local policy, GPO or configuration file
  • In remoting scenarios, requests data from the deviceTRUST Client Extension based on the current configuration
deviceTRUST Client Extension

Client Extension

In remoting scenarios, the deviceTRUST Client Extension needs to be installed on the client side to get the full set of Context information. The client extension sends data to the deviceTRUST Agent if requested. It`s easy to install and requires no configuration at all.

  • Passive extension for your remoting client extension (Citrix Workspace App, VMware Horizon Client, Amazon WorkSpaces, Microsoft AVD & RDP client, etc.)
  • Does not gather any data by default
  • Acts based on your central configuration settings when instructed by the deviceTRUST Agent


deviceTRUST allows full control of the data that is collected. You can choose to gather every single value as well as you can prevent so. In the same manner, you can control if data is stored, if so, where and for which purpose

Windows Event Log

deviceTRUST comes with a comprehensive set of Windows Event Log entries, giving detailed insight to administrators. Additionally, you can configure to send some or all collected context properties to the event log. Any Information can of course be read there using your existing mechanisms and collected centrally.

Send Email

Email is especially powerful if you wish to directly integrate the help desk into the deviceTRUST environment. Any single information you get from your Context configuration can be included into a mail report that is, for example, sent on every user log on. This way, the help desk already has all the information about the user’s digital workplace as soon as the user requests help.

ELK Stack, Splunk and Graylog

Our integrated web task allows to send all the information we get about the user’s context to external log platforms. deviceTRUST comes with predefined configuration templates and ready-to-implement dashboards for ELK Stack, Splunk and Graylog. This way you can quickly and easily generate visibility of your data to support your use cases.

Supported Platforms