XFA
XFA is a device security platform that helps organizations see and verify every endpoint touching their business apps, including BYOD laptops, contractor devices, and other machines outside traditional MDM. It connects to your identity provider, discovers devices from authentication logs, runs posture checks, and can block unsafe sign-ins before they reach your data.
The product positions itself as a privacy-respecting Zero Trust alternative to MDM. Instead of taking ownership of a device, XFA checks essentials like OS version, disk encryption, screen lock, and antimalware status without tracking browsing history or app usage. Teams can enforce access at login, send users self-remediation guides, and export audit evidence for compliance programs.
XFA fits security and IT teams at startups, enterprises, and regulated industries that need flexible work without blind spots. It integrates with Microsoft 365, Google Workspace, and Okta, and ships integrations for GRC platforms such as Vanta, Drata, TrustCloud, and Thoropass. The company is based in Antwerp, Belgium, and was founded in September 2021.
Discovers managed and unmanaged devices from IdP authentication logs in minutes
Runs posture checks on OS updates, encryption, screen lock, antimalware, and browser versions
Agentless mode verifies mobile and desktop devices with no app install required
Silent MFA uses passkeys and device trust to resist phishing at login
Blocks non-compliant devices at sign-in while skipping personal browsing or app tracking
Exports device security evidence to Vanta, Drata, TrustCloud, and Thoropass
Covers BYOD and contractor devices that MDM often misses.
Free trial requires no credit card and advertises setup in under five minutes.
Exports device evidence to major GRC platforms including Vanta and Drata.
Agentless option extends coverage without asking users to install software.
ISO 27001 certified vendor with EU-built deployment options.
Per-user pricing starts at $5.90/month, so costs scale with headcount.
Enterprise features such as CVE mapping and multi-IdP discovery require sales contact.
Full posture depth still relies on the lightweight agent for many desktop checks.
Does XFA offer a free trial?
Yes. XFA Essential and Advanced plans include a free trial with no credit card required, and setup is advertised as taking under five minutes. XFA also offers a free discovery report and a startup program with two free years for up to five users.
What identity providers does XFA integrate with?
XFA integrates with Microsoft 365 and Entra ID, Google Workspace, and Okta for device discovery and enforcement. Advanced and Enterprise tiers support additional SAMLv2 and OAuth2 connections, with higher connection limits on upper plans.
Is XFA an MDM replacement?
XFA is marketed as a privacy-respecting Zero Trust alternative to traditional MDM for BYOD, freelancer, contractor, and unmanaged devices. It verifies device posture and enforces login access without taking full device control or remote wiping.
What compliance frameworks does XFA support?
XFA provides device security evidence for certifications including ISO 27001, SOC 2, Cyber Essentials, and NIS2. It also integrates with GRC platforms such as Vanta, Drata, TrustCloud, and Thoropass to share compliance status.
What operating systems does XFA support?
XFA supports Windows, macOS, Linux, iOS, and iPadOS. Its device checks cover OS version, encryption, authentication settings, browser updates, jailbreak or root status, and additional security controls depending on platform.
Does XFA require admin rights on user devices?
XFA installs and runs without admin rights on user devices, according to its pricing comparison pages. The lightweight agent focuses on posture verification rather than invasive monitoring or device ownership.

