{"slug":"restrict-device-access-with-huntress","title":"Restrict device access with Huntress","tags":["tailscale","access-control","devices"],"agent_summary":"Last validated: Feb 2, 2026","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Restrict device access with Huntress\r\n\r\nLast validated: Feb 2, 2026\r\n\r\nThis integrationis available for [the Standard, Premium, and Enterprise plans](https://tailscale.com/pricing).\r\n\r\n[Huntress Managed EDR](https://www.huntress.com/platform/managed-edr) is a cybersecurity solution that collects signals from enrolled devices (from its agent installed on each device).\r\n\r\nTailscale can fetch these signals from Huntress and use them as device posture attributes in access rules, which you can then use to only grant access to sensitive resources based on each device's level of trust.\r\n\r\nYou can achieve this Tailscale's [device posture management](https://tailscale.com/docs/features/device-posture) features:\r\n\r\n- [Device Identity Collection](https://tailscale.com/docs/features/access-control/device-management/how-to/manage-identity), which collects identifiers (for example, serial numbers), used to match devices in Tailscale to devices in Huntress.\r\n- Huntress posture integration, which synchronizes signals from Huntress to device posture attributes in Tailscale.\r\n- [Posture conditions in access rules](https://tailscale.com/docs/features/device-posture#device-posture-conditions), which lets you configure access restrictions based on device attributes.\r\n\r\nThis guide explains how to enable Device Identity collection for your tailnet and configure Huntress posture integration.\r\n\r\n## [What is Huntress posture integration?](https://tailscale.com/docs/integrations/huntress\\#what-is-huntress-posture-integration)\r\n\r\nThe integration syncs data between Huntress and Tailscale on a recurring schedule.\r\nDuring each sync, Tailscale performs the following actions:\r\n\r\n1. Fetches a list of agents and their reported data from your Huntress account.\r\n2. Matches Huntress devices to devices in your tailnet based on serial numbers.\r\n3. Writes the Huntress data to device posture attributes on each matched device.\r\n\r\nThe integration writes the following device posture attributes to matched devices:\r\n\r\n| **Attribute key** | **Description** | **Allowed values** |\r\n| --- | --- | --- |\r\n| `huntress:defenderStatus` | Status of Microsoft Defender AV | `Incompatible`, `Unhealthy`, `Protected`, `Unmanaged` |\r\n| `huntress:defenderPolicyStatus` | Policy status of Microsoft Defender AV | `Unknown`, `Non Compliant`, `Compliant`, `Pending`, `Gpo Conflict` |\r\n| `huntress:firewallStatus` | Whether the firewall is enabled | `Disabled`, `Enabled`, `Pending Isolation`, `Isolated`, `Pending Release` |\r\n\r\n## [Prerequisites](https://tailscale.com/docs/integrations/huntress\\#prerequisites)\r\n\r\nBefore you can set up the Huntress integration, make sure you have:\r\n\r\n- [Device Identity Collection](https://tailscale.com/docs/features/access-control/device-management/how-to/manage-identity) is enabled, and devices in your tailnet are reporting identifiers\r\n- A Huntress account for which you have permission to create an API key and secret.\r\n\r\n## [Create Huntress API key and API secret](https://tailscale.com/docs/integrations/huntress\\#create-huntress-api-key-and-api-secret)\r\n\r\nTo authenticate your Huntress account with Tailscale, you'll need to create a Huntress API key and secret. The Huntress integration uses these to fetch a list of agents and their data from Huntress.\r\n\r\nTo create a Huntress API key and secret:\r\n\r\n1. Go to the Huntress website and log in to your account.\r\n\r\n2. In the top right-hand menu, select **API Credentials**.\r\n\r\n3. Under **User API Credentials**, select **\\+ Add**.\r\n\r\n4. Under **User**, select a user who has permission to access all your Huntress agents, and select **Create**. Tailscale recommends using a dedicated read-only user for your Tailscale API key.\r\n\r\n5. Make sure to copy the **API Key** and **API Secret**. You need these to configure the Huntress integration in the Tailscale admin console.\r\n\r\n\r\n## [Find your Huntress Organization ID](https://tailscale.com/docs/integrations/huntress\\#find-your-huntress-organization-id)\r\n\r\nYou can specify a Huntress Organization ID to limit the integration to a specific organization associated with your Huntress account.You might consider doing this if you have multiple organizations within Huntress, but only need to connect one of them to Tailscale.\r\n\r\nTo find your Huntress organization ID:\r\n\r\n1. Go to the Huntress website and log in to your account.\r\n2. In the top right-hand menu, select **Organizations**.\r\n3. In the list of organizations, select the organization you plan to use with Tailscale.\r\n4. In the URL, look for the number after `/org/`. For example, if the URL is `https://example.huntress.io/org/123456`, the Organization ID is `123456`.\r\n5. Save this ID so you can use it when you configure the Huntress integration in Tailscale.\r\n\r\n## [Configure Huntress posture integration](https://tailscale.com/docs/integrations/huntress\\#configure-huntress-posture-integration)\r\n\r\nTo configure Tailscale to fetch data about devices from Huntress:\r\n\r\n1. Open the [Device management](https://login.tailscale.com/admin/settings/device-management) page of the Tailscale admin console.\r\n2. Under the **Device Posture Integrations** section, locate the Huntress integration, then select **Connect**.\r\n3. Enter your **API Key** and **API Secret**.\r\n4. (Optional) Enter your [**Organization ID**](https://tailscale.com/docs/integrations/huntress#find-your-huntress-organization-id) to limit the integration to a specific organization associated with your Huntress account.\r\n5. Select **Connect to Huntress**.\r\n\r\n## [Check the integration status](https://tailscale.com/docs/integrations/huntress\\#check-the-integration-status)\r\n\r\nNext, check to ensure the Huntress integration has run successfully.\r\n\r\n1. Go to the **Device Posture Integrations** section of the [Device management](https://login.tailscale.com/admin/settings/device-management) page.\r\n2. Locate the Huntress integration under the **Integrations** section.\r\n\r\nAfter the Huntress integration runs successfully, it shows the time of the most recent sync, the number of synced devices, and any errors that occurred while synchronizing.\r\n\r\n![Integrations: Huntress: Last sync 4 minutes ago, 1 match between 2 Tailscale devices with identities and 3 Huntress agents.](https://tailscale.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2Fintegration-status.64801efb.png&w=1200&q=75)\r\n\r\n## [Check node attributes](https://tailscale.com/docs/integrations/huntress\\#check-node-attributes)\r\n\r\nAfter you set up the Huntress integration, you can confirm that Tailscale is writing the new node attributes for your Huntress devices from the Tailscale admin console.\r\n\r\n1. Open the [Machines](https://login.tailscale.com/admin/machines) page of the Tailscale admin console.\r\n2. Select a device to inspect.\r\n3. The node attributes for the device are in the **Machine Details** section. This should include the set of `huntress:` attributes listed previously.\r\n\r\n![View of the machine attributes in the Machines page.](https://tailscale.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2Fmachine-attributes.0bdedafa.png&w=640&q=75)\r\n\r\nYou can also check device attributes using the [Tailscale API](https://tailscale.com/api#tag/devices/GET/device/%7BdeviceId%7D/attributes).\r\n\r\n## [Adjust Tailscale access rules](https://tailscale.com/docs/integrations/huntress\\#adjust-tailscale-access-rules)\r\n\r\nAfter you configure Huntress posture integration, and your devices have device posture attributes that reflect their signals as reported by Huntress, you can use those device posture attributes as part of your posture rules.\r\n\r\nFor example, to only permit access to `tag:production` from devices that have antivirus (AV) scanning and firewall enabled, you can create a new posture and use it as part of a corresponding access rule:\r\n\r\n```json\r\n\"postures\": {\r\n  \"posture:trusted\": [\\\r\n    \"huntress:defenderStatus == 'Healthy'\",\\\r\n    \"huntress:firewallStatus == 'Enabled'\",\\\r\n  ],\r\n},\r\n\"grants\": [\\\r\n  {\\\r\n    \"src\": [\"autogroup:member\"],\\\r\n    \"dst\": [\"tag:production\"],\\\r\n    \"ip\": [\"*\"],\\\r\n    \"srcPosture\": [\"posture:trusted\"]\\\r\n  }\\\r\n]\r\n```\r\n\r\nYou can use the [visual policy editor](https://tailscale.com/docs/features/visual-editor) to manage your tailnet policy file. Refer to the [visual editor reference](https://tailscale.com/docs/reference/visual-editor) for guidance on using the visual editor.\r\n\r\n## [Schedule](https://tailscale.com/docs/integrations/huntress\\#schedule)\r\n\r\nFor each configured integration, Tailscale will aim to sync device posture\r\nattributes every 15 minutes, with a few exceptions:\r\n\r\n- Adding a new integration, or changing configuration of an existing one,\r\nwill trigger an out-of-schedule sync.\r\n- If an integration fails due to authentication error (usually caused by invalid\r\ncredentials), it will be paused for up to 24 hours.\r\n\r\n## [Audit log events](https://tailscale.com/docs/integrations/huntress\\#audit-log-events)\r\n\r\nThe following [audit log events](https://tailscale.com/docs/features/logging/audit-logging#events) are added for device posture.\r\n\r\n| **Target** | **Action** | **Description** |\r\n| --- | --- | --- |\r\n| Integration | Create posture integration | A new posture integration was created |\r\n| Integration | Update posture integration | A posture integration was updated |\r\n| Integration | Removed posture integration | A posture integration was removed |\r\n| Node | Update node attribute | Device posture attributes for a node were changed |\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Restrict device access with Huntress</h1>\n<p>Last validated: Feb 2, 2026</p>\n<p>This integrationis available for <a href=\"https://tailscale.com/pricing\">the Standard, Premium, and Enterprise plans</a>.</p>\n<p><a href=\"https://www.huntress.com/platform/managed-edr\">Huntress Managed EDR</a> is a cybersecurity solution that collects signals from enrolled devices (from its agent installed on each device).</p>\n<p>Tailscale can fetch these signals from Huntress and use them as device posture attributes in access rules, which you can then use to only grant access to sensitive resources based on each device's level of trust.</p>\n<p>You can achieve this Tailscale's <a href=\"https://tailscale.com/docs/features/device-posture\">device posture management</a> features:</p>\n<ul>\n<li><a href=\"https://tailscale.com/docs/features/access-control/device-management/how-to/manage-identity\">Device Identity Collection</a>, which collects identifiers (for example, serial numbers), used to match devices in Tailscale to devices in Huntress.</li>\n<li>Huntress posture integration, which synchronizes signals from Huntress to device posture attributes in Tailscale.</li>\n<li><a href=\"https://tailscale.com/docs/features/device-posture#device-posture-conditions\">Posture conditions in access rules</a>, which lets you configure access restrictions based on device attributes.</li>\n</ul>\n<p>This guide explains how to enable Device Identity collection for your tailnet and configure Huntress posture integration.</p>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#what-is-huntress-posture-integration\">What is Huntress posture integration?</a></h2>\n<p>The integration syncs data between Huntress and Tailscale on a recurring schedule.\r\nDuring each sync, Tailscale performs the following actions:</p>\n<ol>\n<li>Fetches a list of agents and their reported data from your Huntress account.</li>\n<li>Matches Huntress devices to devices in your tailnet based on serial numbers.</li>\n<li>Writes the Huntress data to device posture attributes on each matched device.</li>\n</ol>\n<p>The integration writes the following device posture attributes to matched devices:</p>\n<p>| <strong>Attribute key</strong> | <strong>Description</strong> | <strong>Allowed values</strong> |\r\n| --- | --- | --- |\r\n| <code>huntress:defenderStatus</code> | Status of Microsoft Defender AV | <code>Incompatible</code>, <code>Unhealthy</code>, <code>Protected</code>, <code>Unmanaged</code> |\r\n| <code>huntress:defenderPolicyStatus</code> | Policy status of Microsoft Defender AV | <code>Unknown</code>, <code>Non Compliant</code>, <code>Compliant</code>, <code>Pending</code>, <code>Gpo Conflict</code> |\r\n| <code>huntress:firewallStatus</code> | Whether the firewall is enabled | <code>Disabled</code>, <code>Enabled</code>, <code>Pending Isolation</code>, <code>Isolated</code>, <code>Pending Release</code> |</p>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#prerequisites\">Prerequisites</a></h2>\n<p>Before you can set up the Huntress integration, make sure you have:</p>\n<ul>\n<li><a href=\"https://tailscale.com/docs/features/access-control/device-management/how-to/manage-identity\">Device Identity Collection</a> is enabled, and devices in your tailnet are reporting identifiers</li>\n<li>A Huntress account for which you have permission to create an API key and secret.</li>\n</ul>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#create-huntress-api-key-and-api-secret\">Create Huntress API key and API secret</a></h2>\n<p>To authenticate your Huntress account with Tailscale, you'll need to create a Huntress API key and secret. The Huntress integration uses these to fetch a list of agents and their data from Huntress.</p>\n<p>To create a Huntress API key and secret:</p>\n<ol>\n<li>\n<p>Go to the Huntress website and log in to your account.</p>\n</li>\n<li>\n<p>In the top right-hand menu, select <strong>API Credentials</strong>.</p>\n</li>\n<li>\n<p>Under <strong>User API Credentials</strong>, select <strong>+ Add</strong>.</p>\n</li>\n<li>\n<p>Under <strong>User</strong>, select a user who has permission to access all your Huntress agents, and select <strong>Create</strong>. Tailscale recommends using a dedicated read-only user for your Tailscale API key.</p>\n</li>\n<li>\n<p>Make sure to copy the <strong>API Key</strong> and <strong>API Secret</strong>. You need these to configure the Huntress integration in the Tailscale admin console.</p>\n</li>\n</ol>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#find-your-huntress-organization-id\">Find your Huntress Organization ID</a></h2>\n<p>You can specify a Huntress Organization ID to limit the integration to a specific organization associated with your Huntress account.You might consider doing this if you have multiple organizations within Huntress, but only need to connect one of them to Tailscale.</p>\n<p>To find your Huntress organization ID:</p>\n<ol>\n<li>Go to the Huntress website and log in to your account.</li>\n<li>In the top right-hand menu, select <strong>Organizations</strong>.</li>\n<li>In the list of organizations, select the organization you plan to use with Tailscale.</li>\n<li>In the URL, look for the number after <code>/org/</code>. For example, if the URL is <code>https://example.huntress.io/org/123456</code>, the Organization ID is <code>123456</code>.</li>\n<li>Save this ID so you can use it when you configure the Huntress integration in Tailscale.</li>\n</ol>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#configure-huntress-posture-integration\">Configure Huntress posture integration</a></h2>\n<p>To configure Tailscale to fetch data about devices from Huntress:</p>\n<ol>\n<li>Open the <a href=\"https://login.tailscale.com/admin/settings/device-management\">Device management</a> page of the Tailscale admin console.</li>\n<li>Under the <strong>Device Posture Integrations</strong> section, locate the Huntress integration, then select <strong>Connect</strong>.</li>\n<li>Enter your <strong>API Key</strong> and <strong>API Secret</strong>.</li>\n<li>(Optional) Enter your <a href=\"https://tailscale.com/docs/integrations/huntress#find-your-huntress-organization-id\"><strong>Organization ID</strong></a> to limit the integration to a specific organization associated with your Huntress account.</li>\n<li>Select <strong>Connect to Huntress</strong>.</li>\n</ol>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#check-the-integration-status\">Check the integration status</a></h2>\n<p>Next, check to ensure the Huntress integration has run successfully.</p>\n<ol>\n<li>Go to the <strong>Device Posture Integrations</strong> section of the <a href=\"https://login.tailscale.com/admin/settings/device-management\">Device management</a> page.</li>\n<li>Locate the Huntress integration under the <strong>Integrations</strong> section.</li>\n</ol>\n<p>After the Huntress integration runs successfully, it shows the time of the most recent sync, the number of synced devices, and any errors that occurred while synchronizing.</p>\n<p><img src=\"https://tailscale.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2Fintegration-status.64801efb.png&#x26;w=1200&#x26;q=75\" alt=\"Integrations: Huntress: Last sync 4 minutes ago, 1 match between 2 Tailscale devices with identities and 3 Huntress agents.\"></p>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#check-node-attributes\">Check node attributes</a></h2>\n<p>After you set up the Huntress integration, you can confirm that Tailscale is writing the new node attributes for your Huntress devices from the Tailscale admin console.</p>\n<ol>\n<li>Open the <a href=\"https://login.tailscale.com/admin/machines\">Machines</a> page of the Tailscale admin console.</li>\n<li>Select a device to inspect.</li>\n<li>The node attributes for the device are in the <strong>Machine Details</strong> section. This should include the set of <code>huntress:</code> attributes listed previously.</li>\n</ol>\n<p><img src=\"https://tailscale.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2Fmachine-attributes.0bdedafa.png&#x26;w=640&#x26;q=75\" alt=\"View of the machine attributes in the Machines page.\"></p>\n<p>You can also check device attributes using the <a href=\"https://tailscale.com/api#tag/devices/GET/device/%7BdeviceId%7D/attributes\">Tailscale API</a>.</p>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#adjust-tailscale-access-rules\">Adjust Tailscale access rules</a></h2>\n<p>After you configure Huntress posture integration, and your devices have device posture attributes that reflect their signals as reported by Huntress, you can use those device posture attributes as part of your posture rules.</p>\n<p>For example, to only permit access to <code>tag:production</code> from devices that have antivirus (AV) scanning and firewall enabled, you can create a new posture and use it as part of a corresponding access rule:</p>\n<pre><code class=\"language-json\">\"postures\": {\r\n  \"posture:trusted\": [\\\r\n    \"huntress:defenderStatus == 'Healthy'\",\\\r\n    \"huntress:firewallStatus == 'Enabled'\",\\\r\n  ],\r\n},\r\n\"grants\": [\\\r\n  {\\\r\n    \"src\": [\"autogroup:member\"],\\\r\n    \"dst\": [\"tag:production\"],\\\r\n    \"ip\": [\"*\"],\\\r\n    \"srcPosture\": [\"posture:trusted\"]\\\r\n  }\\\r\n]\n</code></pre>\n<p>You can use the <a href=\"https://tailscale.com/docs/features/visual-editor\">visual policy editor</a> to manage your tailnet policy file. Refer to the <a href=\"https://tailscale.com/docs/reference/visual-editor\">visual editor reference</a> for guidance on using the visual editor.</p>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#schedule\">Schedule</a></h2>\n<p>For each configured integration, Tailscale will aim to sync device posture\r\nattributes every 15 minutes, with a few exceptions:</p>\n<ul>\n<li>Adding a new integration, or changing configuration of an existing one,\r\nwill trigger an out-of-schedule sync.</li>\n<li>If an integration fails due to authentication error (usually caused by invalid\r\ncredentials), it will be paused for up to 24 hours.</li>\n</ul>\n<h2><a href=\"https://tailscale.com/docs/integrations/huntress#audit-log-events\">Audit log events</a></h2>\n<p>The following <a href=\"https://tailscale.com/docs/features/logging/audit-logging#events\">audit log events</a> are added for device posture.</p>\n<p>| <strong>Target</strong> | <strong>Action</strong> | <strong>Description</strong> |\r\n| --- | --- | --- |\r\n| Integration | Create posture integration | A new posture integration was created |\r\n| Integration | Update posture integration | A posture integration was updated |\r\n| Integration | Removed posture integration | A posture integration was removed |\r\n| Node | Update node attribute | Device posture attributes for a node were changed |</p>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}