we are using ZPA + Device Postures to ensure that employees can access internal Sensitive Data only when certain Posture Profiles are fulfilled.
If you install for example a Virtual Box on this Machine and use NAT as Network Mode the Virtual Maschine passes all Posture checks.
Is it possible to prevent this somehow?
I would ask the following – for this VM desktop – non persistent or persistent ---- did you log in that Zscaler Client Connector on the Master Image?
If so you need to rebuild that Master - as it is best practice to have Zscaler spawn with no user already active - and force Authentication to the tenant or IdP before any access is granter to Zscaler - also what are the client posture checks used - if they are resident to the Master Image - and not the user, or an authorized application - it would pass most checks with out fail –