Consider adding contexts when you require additional checks to allow endpoint participation on the fabric.

Additional checks include country of origin, time of day, OS, and device posture. For ATM operations, we will explore several options below.

  1. The first restriction is location. In this example, the financial institution has ATMs in Singapore, the United Kingdom, and the United States. Any ATM attempting to connect to the network from outside these geographies will not be granted access.
  2. ATMs are generally available 24 hours a day, seven days a week. It would not make sense to place a time restriction on all ATMs. However, if your organization does have time-of-day restrictions for certain ATMs, you can create a different context and network for that sub-group.
  3. In this design example, all ATMs use the Windows OS; therefore, a connection attempt from any other OS type should be denied. If your ATMs use a different base OS, select that OS from the available options instead.
  4. The final check available in context is device posture. There are options to test for the presence of a screensaver password and antivirus program. Most likely, an ATM will require the most restrictive options, ensuring that any machine is protected from unauthorized access and has not been infected by a virus.
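
The four checks above can be modeled as a single deny-by-default evaluation. The following is an added example, not the product's configuration format or API. The class and field names, the ISO country codes, and the 06:00-22:00 window for the time-restricted sub-group are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Context:
    """Hypothetical model of a context; not the product's configuration schema."""
    countries: frozenset
    os_name: str
    require_screensaver_password: bool = True
    require_antivirus: bool = True
    window: Optional[tuple] = None  # (start, end) local time; None means 24x7

@dataclass(frozen=True)
class Endpoint:
    """Attributes reported for one connection attempt (constructed fields)."""
    country: Optional[str]
    os_name: Optional[str]
    screensaver_password: Optional[bool]
    antivirus: Optional[bool]
    local_time: time

def in_window(now, window):
    if window is None:
        return True
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window wraps past midnight

def evaluate(ctx, ep):
    """Return (allowed, failed_checks). Missing attributes fail closed."""
    failed = []
    if ep.country not in ctx.countries:
        failed.append("country")
    if not in_window(ep.local_time, ctx.window):
        failed.append("time")
    if ep.os_name is None or ep.os_name.lower() != ctx.os_name.lower():
        failed.append("os")
    if ctx.require_screensaver_password and ep.screensaver_password is not True:
        failed.append("screensaver_password")
    if ctx.require_antivirus and ep.antivirus is not True:
        failed.append("antivirus")
    return (not failed, failed)

# Contexts from the design example; the sub-group window is a constructed value.
ATM_24X7 = Context(frozenset({"SG", "GB", "US"}), "Windows")
ATM_BRANCH = Context(frozenset({"SG", "GB", "US"}), "Windows", window=(time(6), time(22)))
```

An endpoint that does not report a posture attribute is treated the same as one that fails it, so an agent that stops reporting cannot pass the context by omission.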