Trust Profile

Admin-defined assignment of Trust Factors to subsets of devices in an org

  • Updated on Jun 07, 2023
  • 7 minutes to read
  • Contributors


Trust Profiles can take up to 10 minutes to associate to a device. This delay only occurs when Trust Profile assignment has been edited or Trust Profile prioritization has been adjusted. Changes to Trust Factors are reflected upon the next app sync with the Command Center.

Trust Profile Overview

A Trust Profile applies admin-defined Trust Factors to a specific subset of devices within an org. Trust Profiles allow admins to assign a set of Trust Factors (with designated Trust Effects) to user groups, device serial numbers, operating systems, and device ownership types.

Historically, all Trust Factors were enabled at the organizational level and globally applied to all devices; with the introduction of Trust Profiles, specific Trust Factors can be applied to subsets of devices, offering admins granular control over devices’ security posture.

Trust Profile Assignment

  • Each device must be associated to a Trust Profile. If a device is not associated to a custom Trust Profile, it will then be associated with the Default Trust Profile, which exists in every org.

  • When the background job runs (every 10 mins or so) and we sync devices, the just-registered device will move to its new Trust Profile based on the assignment criteria.

  • The Default Trust Profile’s assignment criteria cannot be changed. This profile serves as the “catch all” and is automatically assigned to devices without an assigned profile. It is always the lowest priority Trust Profile.

  • Trust Profile assignment criteria include User Groups, Device Serial Numbers, Operating Systems, and Device Ownership types. Admins can configure assignment criteria, and then apply Trust Factors to these users’ devices.
  • In order to create a Trust Profile, admins must have at least one assignment criterion to apply to devices.

  • Trust Profile assignment is conjunctive. A profile assigned to two separate assignment criteria (e.g., a user group as well as an OS) will only apply if both criteria are met (e.g.,, the user is a contractor and working on a macOS device; not a user who is a contractor or working on a macOS device).

  • If an assignment criterion is not selected during Trust Profile creation (e.g., no operating systems are selected), the associated Trust Profile will apply to any of the criterion’s available options (e.g., the profile will apply to macOS, Windows, Linux, iOS, and Android if no operating systems are selected).

  • If an admin selects Yes to Include only MDM-managed devices, then this Trust Profile will only apply to MDM-managed devices (determined via the zero-touch installation process). If, alternatively, an admin selects No, then this Trust Profile will not evaluate for MDM-management.

Trust Factors

Each Trust Profile can contain only one vendor’s trust integration (i.e., only one Crowdstrike integration). If two or more trust integrations from the same vendor exist, only one can be applied to a given Trust Profile. Once one is applied, others from that same vendor will disappear as Trust Factor selection options for your profile.

Trust Profile Prioritization

Since devices can only be assigned to one Trust Profile, Trust Profile prioritization is required. A device will be assigned the Trust Profile that (i) matches selected criteria and (ii) has the highest priority level. The Default Trust Profile will always be the lowest priority on the list.

To prioritize Trust Profiles, select the top right triangle button, and complete the following:

  • Drag and drop the profiles in the preferred order;
  • Save.
Trust Profile Example: Applying the CrowdStrike Integration factor to Contractors

An admin wants to create a Trust Profile for contractors in their org. The admin defines the profile by adding the user group Contractors.

The admin then selects the CrowdStrike Trust Integration factor to apply to Contractors’ devices.

Trust Profile Example: Prioritizing Trust Profiles

An admin creates two Trust Profiles: one profile applies a set of Trust Factors to the Developers user group; the other profile applies a separate set of Trust Factors to the Contractors user group. A device in the org is part of both user groups, Developers and Contractors. Therefore, both Trust Profiles apply to this device.

In Banyan, the rule is that a device can only be assigned to one Trust Profile. Since the device’s features apply to both Trust Profiles, the profiles must be prioritized. To resolve this, the admin can navigate to the Trust Profile Prioritization page in the Command Center, and drag the Trust Profiles in order of priority, where 1 is the highest priority.

The admin decides that the Contractors Trust Profile is higher priority than the Developers Trust Profile, and drags the profiles to reflect this. Now, the device will be assigned to the Contractors profile.


Can’t find what you’re looking for?

We’re happy to help. Contact our team.