How to Use a Policy With CrowdStrike Attributes


This article demonstrates how to create Zero Trust Assessment–based policies in Beyond Identity by using CrowdStrike Falcon attributes—such as the Zero Trust Assessment Score, device integration status, and quarantine state—to control which devices are allowed to authenticate or add devices.


Zero Trust Assessment-based policy

  1. Log into the Beyond Identity Admin Console and select Policy from the left menu.

  2. From the Policy page, select Edit Policy > Add Rule.

  3. Refer to the following steps to configure a policy to suit your requirements.

Write a policy using the Zero Trust Assessment Score attribute

To write a policy to continuously validate device posture before allowing access, refer to the following steps. A higher score indicates a better security posture.

  1. Under the Integration attribute drop-down menu, select CrowdStrike Falcon, and then configure a Zero Trust Assessment Score.

  2. Configure additional attributes if needed.

  3. Click Add.

IMPORTANT: If the data.zta file is empty, contact support@crowdstrike.com and request that they enable the data.zta and CrowdStrike Falcon Insight Zero Trust Assessment (ZTA) feature.
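
A troubleshooting check for the condition in the IMPORTANT note, added here as an example and not part of Beyond Identity's or CrowdStrike's own tooling: it classifies the contents of a data.zta file as empty, malformed, expired, below a minimum score, or ok. It assumes the file holds a JWT whose payload carries the score at assessment.overall plus an exp claim; the function names and the min_score parameter are hypothetical.

```python
import base64
import json
import sys
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_zta(raw, min_score, now=None):
    """Classify data.zta bytes; returns (status, overall_score or None).

    Decodes only and does not verify the signature, so the result is a
    diagnostic for the admin, not an input to an access decision.
    """
    text = raw.decode("utf-8", errors="replace").strip()
    if not text:
        return ("empty", None)  # the case the IMPORTANT note describes
    parts = text.split(".")
    if len(parts) != 3:
        return ("malformed", None)
    try:
        payload = _b64url_json(parts[1])
        score = int(payload["assessment"]["overall"])  # assumed field names
        exp = payload.get("exp")
    except (ValueError, KeyError, TypeError, AttributeError):
        return ("malformed", None)
    now = time.time() if now is None else now
    if isinstance(exp, (int, float)) and exp < now:
        return ("expired", score)  # stale token: sensor may not be refreshing it
    # Higher score means better posture, so the rule is a minimum.
    return ("ok" if score >= min_score else "below_threshold", score)


def constructed_token(overall, exp):
    """Build an unsigned sample token (constructed data, not real sensor output)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=")
    body = {"assessment": {"overall": overall}, "exp": exp}
    return b".".join([enc({"alg": "none"}), enc(body), b"sig"])


if __name__ == "__main__":
    # Usage: python check_zta.py <path to data.zta> <minimum score>
    with open(sys.argv[1], "rb") as fh:
        print(check_zta(fh.read(), min_score=int(sys.argv[2])))
```

An "empty" result is the case to raise with CrowdStrike support as described above; "below_threshold" means the score is present but would not satisfy a rule requiring that minimum.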

Check CrowdStrike Installation Status

To write a policy to ensure only devices integrated with CrowdStrike Falcon are allowed to authenticate and/or add devices:

  1. Under the Integration attribute, click Add attribute and then select the following from the drop-down menus:

    1. CrowdStrike Falcon

    2. Device Found

    3. Yes or No (in this example, No is selected)

  2. Under Then, select Deny.

  3. (Optional) Configure any additional attributes.

  4. Click Add.

Quarantine Action

Write a policy to allow or deny a device to authenticate and/or add devices. In the following example, write a policy to ensure only devices integrated with CrowdStrike Falcon are allowed to authenticate and/or add devices.

  1. (Optional) Select the appropriate transaction type. For all transaction types, leave the field blank.

  2. (Optional) Add specific users. For the rule to be applied to all users, leave the field blank.

  3. (Optional) Select the appropriate device platform. In this example, Windows.

  4. Select the appropriate integration type or leave the field blank.

  5. (Optional) Select the desired Authentication version.

  6. Under Then, select Deny.

  7. Click Add Attribute and select CrowdStrike Quarantine from the AND drop-down menu.

  8. Click Add.

