Machine certificates and device management

Every IT security professional’s nightmare is the user who gets a secure multi-factor authentication (MFA or 2FA) token from work, then brings it home and uses it to log in to their sensitive servers from a malware-infested, out-of-date Windows XP computer.

To reduce the risk of malware attacks, you can configure your Tailscale domain to only allow access for authorized machine types. You can also configure your policy so that some services (such as a Microsoft Exchange server) will permit connections from less secure machines, like a user’s home PC, while other services (such as a highly sensitive file server or database) have tighter restrictions.
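The tiering described above can be modelled as a per-service minimum device class checked in addition to the user's MFA result. This is an added illustration, not Tailscale's policy syntax or code; the `Session`, `DeviceClass`, `MIN_DEVICE_CLASS` and `authorize` names and the sample services are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum


class DeviceClass(IntEnum):
    PERSONAL = 1  # user-owned machine such as a home PC, no machine certificate
    MANAGED = 2   # company-managed machine holding a valid machine certificate


@dataclass(frozen=True)
class Session:
    user: str
    mfa_passed: bool       # the user identity check, independent of the device
    machine_cert_ok: bool  # device presented a certificate issued by the organization


# Constructed sample policy: the minimum device class each service accepts.
MIN_DEVICE_CLASS = {
    "exchange": DeviceClass.PERSONAL,   # mail may be read from a home PC
    "fileserver": DeviceClass.MANAGED,  # sensitive data: managed machines only
    "database": DeviceClass.MANAGED,
}


def device_class(session: Session) -> DeviceClass:
    """Classify the connecting machine from the certificate check alone."""
    return DeviceClass.MANAGED if session.machine_cert_ok else DeviceClass.PERSONAL


def authorize(session: Session, service: str) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    required = MIN_DEVICE_CLASS.get(service)
    if required is None:
        return False, "unknown service: default deny"
    if not session.mfa_passed:
        return False, "user not authenticated"
    have = device_class(session)
    if have < required:
        return False, f"{service} requires {required.name} device, got {have.name}"
    return True, f"{have.name} device meets {required.name} requirement"


if __name__ == "__main__":
    # Same user, same successful MFA, two different machines (constructed sample).
    home = Session("alice", mfa_passed=True, machine_cert_ok=False)
    work = Session("alice", mfa_passed=True, machine_cert_ok=True)
    for label, session in (("home PC", home), ("work laptop", work)):
        for service in MIN_DEVICE_CLASS:
            print(label, service, authorize(session, service))
```

The home PC session passes MFA yet is still refused by the file server and database, which is the gap that a user-only check leaves open.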

