diff --git a/.sqlx/query-0d6fec510bbe64e1f9475b210efd9b910f589d8b8f15d11babd409a3fcbdd968.json b/.sqlx/query-0d6fec510bbe64e1f9475b210efd9b910f589d8b8f15d11babd409a3fcbdd968.json
index 86a1c5d34..5a23aceb9 100644
--- a/.sqlx/query-0d6fec510bbe64e1f9475b210efd9b910f589d8b8f15d11babd409a3fcbdd968.json
+++ b/.sqlx/query-0d6fec510bbe64e1f9475b210efd9b910f589d8b8f15d11babd409a3fcbdd968.json
@@ -26,12 +26,12 @@
             }
           }
         },
-        "Text",
+        "Int4",
         "Bool",
         "Bool",
         "Bool",
         "Bool",
-        "Text",
+        "Int4",
         "Bool"
       ]
     },
diff --git a/.sqlx/query-394c7d22ad81bb8e379e36ff7aed125dadafdf69a5dfb5319bfc33c10eff7063.json b/.sqlx/query-394c7d22ad81bb8e379e36ff7aed125dadafdf69a5dfb5319bfc33c10eff7063.json
index d2e8bbfe4..04d9e8c49 100644
--- a/.sqlx/query-394c7d22ad81bb8e379e36ff7aed125dadafdf69a5dfb5319bfc33c10eff7063.json
+++ b/.sqlx/query-394c7d22ad81bb8e379e36ff7aed125dadafdf69a5dfb5319bfc33c10eff7063.json
@@ -34,7 +34,7 @@
       {
         "ordinal": 3,
         "name": "min_os_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 4,
@@ -59,7 +59,7 @@
       {
         "ordinal": 8,
         "name": "min_kernel_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 9,
diff --git a/.sqlx/query-53bf9681753885fe1e261f1e7ed560c3971ca815eae5f94666151d14e1c8a7e2.json b/.sqlx/query-53bf9681753885fe1e261f1e7ed560c3971ca815eae5f94666151d14e1c8a7e2.json
index ab8024e8d..9f47dc5b5 100644
--- a/.sqlx/query-53bf9681753885fe1e261f1e7ed560c3971ca815eae5f94666151d14e1c8a7e2.json
+++ b/.sqlx/query-53bf9681753885fe1e261f1e7ed560c3971ca815eae5f94666151d14e1c8a7e2.json
@@ -34,7 +34,7 @@
       {
         "ordinal": 3,
         "name": "min_os_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 4,
@@ -59,7 +59,7 @@
       {
         "ordinal": 8,
         "name": "min_kernel_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 9,
diff --git a/.sqlx/query-6362549c0bce9437168b99cfbe8082a1b723915ba74b649f3124e45496cf6a92.json b/.sqlx/query-6362549c0bce9437168b99cfbe8082a1b723915ba74b649f3124e45496cf6a92.json
index d480e9f1a..2b9466b21 100644
--- a/.sqlx/query-6362549c0bce9437168b99cfbe8082a1b723915ba74b649f3124e45496cf6a92.json
+++ b/.sqlx/query-6362549c0bce9437168b99cfbe8082a1b723915ba74b649f3124e45496cf6a92.json
@@ -34,7 +34,7 @@
       {
         "ordinal": 3,
         "name": "min_os_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 4,
@@ -59,7 +59,7 @@
       {
         "ordinal": 8,
         "name": "min_kernel_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 9,
diff --git a/.sqlx/query-d27fc58c77a426371d02b6d6de5567ba8d71028e15208f3fa3906ad05f8fdec5.json b/.sqlx/query-d27fc58c77a426371d02b6d6de5567ba8d71028e15208f3fa3906ad05f8fdec5.json
index bd04f3b48..d650efc76 100644
--- a/.sqlx/query-d27fc58c77a426371d02b6d6de5567ba8d71028e15208f3fa3906ad05f8fdec5.json
+++ b/.sqlx/query-d27fc58c77a426371d02b6d6de5567ba8d71028e15208f3fa3906ad05f8fdec5.json
@@ -21,12 +21,12 @@
             }
           }
         },
-        "Text",
+        "Int4",
         "Bool",
         "Bool",
         "Bool",
         "Bool",
-        "Text",
+        "Int4",
         "Bool"
       ]
     },
diff --git a/.sqlx/query-f694147f2e2d667ef7b438fb9140883ba7e43903204660b12c459c36a5ba7ee4.json b/.sqlx/query-f694147f2e2d667ef7b438fb9140883ba7e43903204660b12c459c36a5ba7ee4.json
index b7b00ba44..91a6d79ec 100644
--- a/.sqlx/query-f694147f2e2d667ef7b438fb9140883ba7e43903204660b12c459c36a5ba7ee4.json
+++ b/.sqlx/query-f694147f2e2d667ef7b438fb9140883ba7e43903204660b12c459c36a5ba7ee4.json
@@ -34,7 +34,7 @@
       {
         "ordinal": 3,
         "name": "min_os_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 4,
@@ -59,7 +59,7 @@
       {
         "ordinal": 8,
         "name": "min_kernel_version",
-        "type_info": "Text"
+        "type_info": "Int4"
       },
       {
         "ordinal": 9,
diff --git a/crates/defguard_core/src/enterprise/db/models/device_posture.rs b/crates/defguard_core/src/enterprise/db/models/device_posture.rs
index 3472cefc2..29349ce55 100644
--- a/crates/defguard_core/src/enterprise/db/models/device_posture.rs
+++ b/crates/defguard_core/src/enterprise/db/models/device_posture.rs
@@ -35,7 +35,7 @@ pub struct DevicePostureOsRule<I = NoId> {
     #[model(enum)]
     pub os_type: OsType,
     // shared
-    pub min_os_version: Option<String>,
+    pub min_os_version: Option<i32>,
     // Windows, macOS, Linux
     pub disk_encryption_required: Option<bool>,
     // Windows only
@@ -43,7 +43,7 @@ pub struct DevicePostureOsRule<I = NoId> {
     pub ad_domain_joined_required: Option<bool>,
     pub windows_security_update_current: Option<bool>,
     // Linux only
-    pub min_kernel_version: Option<String>,
+    pub min_kernel_version: Option<i32>,
     // macOS, iOS, Android only
     pub device_integrity_required: Option<bool>,
 }
@@ -58,7 +58,8 @@ impl DevicePostureOsRule<Id> {
             Self,
             "SELECT id, posture_id, os_type \"os_type: OsType\", min_os_version, \
             disk_encryption_required, antivirus_required, ad_domain_joined_required, \
-            windows_security_update_current, min_kernel_version, device_integrity_required \
+            windows_security_update_current, min_kernel_version, \
+            device_integrity_required \
             FROM device_posture_os_rule WHERE posture_id = $1",
             posture_id
         )
diff --git a/crates/defguard_core/src/enterprise/handlers/device_posture.rs b/crates/defguard_core/src/enterprise/handlers/device_posture.rs
index 2aa67d065..0e0bace9f 100644
--- a/crates/defguard_core/src/enterprise/handlers/device_posture.rs
+++ b/crates/defguard_core/src/enterprise/handlers/device_posture.rs
@@ -32,27 +32,18 @@ use crate::{
 /// Minimum defguard desktop client versions available for posture rules.
 /// FIXME: 2.0 does not actually exist, remove before release
 /// TODO: also consider if this is the best way to store possible options
-pub static CLIENT_VERSIONS: &[&str] = &["1.6", "2.0"];
+pub const CLIENT_VERSIONS: &[&str] = &["1.6", "2.0"];
 
-/// Valid Linux kernel version families for posture rules.
-pub static KERNEL_VERSIONS: &[&str] = &["5.x", "6.x", "7.x"];
+pub const WINDOWS_OS_VERSIONS: &[i32] = &[10, 11];
+pub const MACOS_OS_VERSIONS: &[i32] = &[13, 14, 15, 26];
+pub const IOS_OS_VERSIONS: &[i32] = &[17, 18, 26];
+pub const ANDROID_OS_VERSIONS: &[i32] = &[13, 14, 15, 16];
 
-/// Returns the list of valid `min_os_version` values for a given OS type.
-/// TODO: consider a better format for storing versions
-#[must_use]
-pub fn valid_os_versions(os_type: &OsType) -> &'static [&'static str] {
-    match os_type {
-        OsType::Windows => &["Windows 10", "Windows 11"],
-        OsType::Macos => &[
-            "macOS 13 Ventura",
-            "macOS 14 Sonoma",
-            "macOS 15 Sequoia",
-            "macOS 26 Tahoe",
-        ],
-        OsType::Linux => KERNEL_VERSIONS,
-        OsType::Ios => &["17", "18", "26"],
-        OsType::Android => &["13", "14", "15", "16"],
-    }
+/// Valid Linux kernel major versions for posture rules.
+pub const LINUX_KERNEL_VERSIONS: &[i32] = &[5, 6, 7];
+
+fn owned_client_versions(values: &[&str]) -> Vec<String> {
+    values.iter().map(|value| (*value).to_owned()).collect()
 }
 
 /// Per-OS rule included in a posture check policy API.
@@ -63,26 +54,26 @@ pub fn valid_os_versions(os_type: &OsType) -> &'static [&'static str] {
 #[serde(tag = "os_type", rename_all = "lowercase")]
 pub enum ApiOsRule {
     Windows {
-        min_os_version: Option<String>,
+        min_os_version: Option<i32>,
         disk_encryption_required: Option<bool>,
         antivirus_required: Option<bool>,
         ad_domain_joined_required: Option<bool>,
         windows_security_update_current: Option<bool>,
     },
     Macos {
-        min_os_version: Option<String>,
+        min_os_version: Option<i32>,
         disk_encryption_required: Option<bool>,
         device_integrity_required: Option<bool>,
     },
     Linux {
-        min_kernel_version: Option<String>,
+        min_kernel_version: Option<i32>,
         disk_encryption_required: Option<bool>,
     },
     Ios {
-        min_os_version: Option<String>,
+        min_os_version: Option<i32>,
     },
     Android {
-        min_os_version: Option<String>,
+        min_os_version: Option<i32>,
         device_integrity_required: Option<bool>,
     },
 }
@@ -240,6 +231,56 @@ impl From<DevicePosture<Id>> for ApiDevicePosture {
     }
 }
 
+#[derive(Clone, Debug, Deserialize, Serialize, ToSchema)]
+pub struct DevicePostureOsVersionCatalog {
+    pub windows: Vec<i32>,
+    pub macos: Vec<i32>,
+    pub ios: Vec<i32>,
+    pub android: Vec<i32>,
+}
+
+impl DevicePostureOsVersionCatalog {
+    #[must_use]
+    pub fn new() -> Self {
+        Self {
+            windows: WINDOWS_OS_VERSIONS.to_vec(),
+            macos: MACOS_OS_VERSIONS.to_vec(),
+            ios: IOS_OS_VERSIONS.to_vec(),
+            android: ANDROID_OS_VERSIONS.to_vec(),
+        }
+    }
+}
+
+impl Default for DevicePostureOsVersionCatalog {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize, ToSchema)]
+pub struct DevicePostureVersionMetadata {
+    pub os_versions: DevicePostureOsVersionCatalog,
+    pub linux_kernel_versions: Vec<i32>,
+    pub client_versions: Vec<String>,
+}
+
+impl DevicePostureVersionMetadata {
+    #[must_use]
+    pub fn new() -> Self {
+        Self {
+            os_versions: DevicePostureOsVersionCatalog::new(),
+            linux_kernel_versions: LINUX_KERNEL_VERSIONS.to_vec(),
+            client_versions: owned_client_versions(CLIENT_VERSIONS),
+        }
+    }
+}
+
+impl Default for DevicePostureVersionMetadata {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
 /// Request body for creating or updating a device posture check policy.
 #[derive(Clone, Debug, Deserialize, Serialize, ToSchema)]
 pub struct EditDevicePosture {
@@ -372,14 +413,14 @@ fn apply_os_rule_filters(
             append_string_array_filter(
                 query_builder,
                 &versions,
-                &format!(" AND {alias}.min_os_version"),
+                &format!(" AND {alias}.min_os_version::text"),
             );
         }
         OsType::Linux => {
             append_string_array_filter(
                 query_builder,
                 &versions,
-                &format!(" AND {alias}.min_kernel_version"),
+                &format!(" AND {alias}.min_kernel_version::text"),
             );
         }
     }
@@ -464,6 +505,68 @@ fn validate_device_posture_base(data: &EditDevicePosture) -> Result<(), WebError
     validate_device_posture_os_rules(&data.os_rules)
 }
 
+fn validate_device_posture_os_rule(rule: &ApiOsRule) -> Result<(), WebError> {
+    let os_type = rule.os_type();
+
+    match rule {
+        ApiOsRule::Windows {
+            min_os_version: Some(v),
+            ..
+        } if !WINDOWS_OS_VERSIONS.contains(v) => Err(WebError::BadRequest(format!(
+            "Unknown min_os_version '{v}' for {os_type:?}. Valid values: {}",
+            WINDOWS_OS_VERSIONS
+                .iter()
+                .map(i32::to_string)
+                .collect::<Vec<_>>()
+                .join(", ")
+        ))),
+        ApiOsRule::Macos {
+            min_os_version: Some(v),
+            ..
+        } if !MACOS_OS_VERSIONS.contains(v) => Err(WebError::BadRequest(format!(
+            "Unknown min_os_version '{v}' for {os_type:?}. Valid values: {}",
+            MACOS_OS_VERSIONS
+                .iter()
+                .map(i32::to_string)
+                .collect::<Vec<_>>()
+                .join(", ")
+        ))),
+        ApiOsRule::Ios {
+            min_os_version: Some(v),
+        } if !IOS_OS_VERSIONS.contains(v) => Err(WebError::BadRequest(format!(
+            "Unknown min_os_version '{v}' for {os_type:?}. Valid values: {}",
+            IOS_OS_VERSIONS
+                .iter()
+                .map(i32::to_string)
+                .collect::<Vec<_>>()
+                .join(", ")
+        ))),
+        ApiOsRule::Android {
+            min_os_version: Some(v),
+            ..
+        } if !ANDROID_OS_VERSIONS.contains(v) => Err(WebError::BadRequest(format!(
+            "Unknown min_os_version '{v}' for {os_type:?}. Valid values: {}",
+            ANDROID_OS_VERSIONS
+                .iter()
+                .map(i32::to_string)
+                .collect::<Vec<_>>()
+                .join(", ")
+        ))),
+        ApiOsRule::Linux {
+            min_kernel_version: Some(kv),
+            ..
+        } if !LINUX_KERNEL_VERSIONS.contains(kv) => Err(WebError::BadRequest(format!(
+            "Unknown min_kernel_version '{kv}'. Valid values: {}",
+            LINUX_KERNEL_VERSIONS
+                .iter()
+                .map(i32::to_string)
+                .collect::<Vec<_>>()
+                .join(", ")
+        ))),
+        _ => Ok(()),
+    }
+}
+
 /// Validates the `os_rules` list in an [`EditDevicePosture`] request.
 ///
 /// Returns `Err(WebError::BadRequest(...))` if:
@@ -479,34 +582,7 @@ fn validate_device_posture_os_rules(os_rules: &[ApiOsRule]) -> Result<(), WebErr
                 "Duplicate os_type '{os_type:?}' in os_rules"
             )));
         }
-        let valid_versions = valid_os_versions(&os_type);
-        let min_os_version = match rule {
-            ApiOsRule::Windows { min_os_version, .. }
-            | ApiOsRule::Macos { min_os_version, .. }
-            | ApiOsRule::Ios { min_os_version }
-            | ApiOsRule::Android { min_os_version, .. } => min_os_version,
-            ApiOsRule::Linux { .. } => &None,
-        };
-        if let Some(v) = min_os_version {
-            if !valid_versions.contains(&v.as_str()) {
-                return Err(WebError::BadRequest(format!(
-                    "Unknown min_os_version '{v}' for {os_type:?}. Valid values: {}",
-                    valid_versions.join(", ")
-                )));
-            }
-        }
-        if let ApiOsRule::Linux {
-            min_kernel_version: Some(kv),
-            ..
-        } = rule
-        {
-            if !KERNEL_VERSIONS.contains(&kv.as_str()) {
-                return Err(WebError::BadRequest(format!(
-                    "Unknown min_kernel_version '{kv}'. Valid values: {}",
-                    KERNEL_VERSIONS.join(", ")
-                )));
-            }
-        }
+        validate_device_posture_os_rule(rule)?;
     }
     Ok(())
 }
@@ -587,6 +663,41 @@ pub async fn create_device_posture(
     Ok(ApiResponse::json(response, StatusCode::CREATED))
 }
 
+#[utoipa::path(
+    get,
+    path = "/api/v1/device-posture/versions",
+    tag = "DevicePosture",
+    responses(
+        (status = 200, description = "Valid device posture OS and client versions", body = DevicePostureVersionMetadata),
+        (status = 401, description = "Unauthorized"),
+        (status = 403, description = "Forbidden - enterprise license required")
+    ),
+    security(
+        ("cookie" = []),
+        ("api_token" = [])
+    )
+)]
+/// Return the backend-owned catalog of selectable posture-check versions.
+///
+/// # Errors
+///
+/// Returns an error when the requester is unauthorized or lacks the required license.
+pub async fn get_device_posture_versions(
+    _license: EnterpriseLicenseInfo,
+    _admin: AdminRole,
+    session: SessionInfo,
+) -> ApiResult {
+    debug!(
+        "User {} fetching device posture version metadata",
+        session.user.username
+    );
+
+    Ok(ApiResponse::json(
+        DevicePostureVersionMetadata::new(),
+        StatusCode::OK,
+    ))
+}
+
 #[utoipa::path(
     get,
     path = "/api/v1/device-posture",
diff --git a/crates/defguard_core/src/lib.rs b/crates/defguard_core/src/lib.rs
index a25dd3434..78cf0329f 100644
--- a/crates/defguard_core/src/lib.rs
+++ b/crates/defguard_core/src/lib.rs
@@ -111,8 +111,8 @@ use crate::{
             check_enterprise_info,
             device_posture::{
                 create_device_posture, delete_device_posture, duplicate_device_posture,
-                get_device_posture, list_device_postures, set_locations_for_posture,
-                set_postures_for_location, update_device_posture,
+                get_device_posture, get_device_posture_versions, list_device_postures,
+                set_locations_for_posture, set_postures_for_location, update_device_posture,
             },
             enterprise_settings::{get_enterprise_settings, patch_enterprise_settings},
             openid_login::{auth_callback, get_auth_info},
@@ -536,6 +536,7 @@ pub fn build_webapp(
     let api_router = api_router.nest(
         "/api/v1",
         Router::new()
+            .route("/device-posture/versions", get(get_device_posture_versions))
             .route(
                 "/device-posture",
                 get(list_device_postures).post(create_device_posture),
diff --git a/crates/defguard_core/tests/integration/api/device_posture.rs b/crates/defguard_core/tests/integration/api/device_posture.rs
index b90d0a7f8..f022830a1 100644
--- a/crates/defguard_core/tests/integration/api/device_posture.rs
+++ b/crates/defguard_core/tests/integration/api/device_posture.rs
@@ -1,10 +1,11 @@
 use defguard_common::db::setup_pool;
 use defguard_core::{
     enterprise::{
-        db::models::device_posture::{DevicePosture, DevicePostureSnapshot, OsType},
+        db::models::device_posture::{DevicePosture, DevicePostureSnapshot},
         handlers::device_posture::{
-            ApiDevicePosture, ApiOsRule, AssignLocationsData, AssignPosturesData, CLIENT_VERSIONS,
-            EditDevicePosture, valid_os_versions,
+            ANDROID_OS_VERSIONS, ApiDevicePosture, ApiOsRule, AssignLocationsData,
+            AssignPosturesData, CLIENT_VERSIONS, DevicePostureVersionMetadata, EditDevicePosture,
+            IOS_OS_VERSIONS, LINUX_KERNEL_VERSIONS, MACOS_OS_VERSIONS, WINDOWS_OS_VERSIONS,
         },
         license::{get_cached_license, set_cached_license},
     },
@@ -86,6 +87,31 @@ async fn test_device_posture_enterprise_license_required(
     set_cached_license(saved);
 }
 
+#[sqlx::test]
+async fn test_device_posture_versions_metadata(_: PgPoolOptions, options: PgConnectOptions) {
+    let (client, _) = setup(options).await;
+
+    let response = client.get("/api/v1/device-posture/versions").send().await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let metadata: DevicePostureVersionMetadata = response.json().await;
+
+    assert_eq!(metadata.os_versions.windows, WINDOWS_OS_VERSIONS.to_vec());
+    assert_eq!(metadata.os_versions.macos, MACOS_OS_VERSIONS.to_vec());
+    assert_eq!(
+        metadata.linux_kernel_versions,
+        LINUX_KERNEL_VERSIONS.to_vec()
+    );
+    assert_eq!(metadata.os_versions.ios, IOS_OS_VERSIONS.to_vec());
+    assert_eq!(metadata.os_versions.android, ANDROID_OS_VERSIONS.to_vec());
+    assert_eq!(
+        metadata.client_versions,
+        CLIENT_VERSIONS
+            .iter()
+            .map(|value| (*value).to_owned())
+            .collect::<Vec<_>>()
+    );
+}
+
 #[sqlx::test]
 async fn test_device_posture_crud(_: PgPoolOptions, options: PgConnectOptions) {
     let (mut client, _) = setup(options).await;
@@ -390,8 +416,8 @@ async fn test_device_posture_list_filters_os_and_defguard(
 ) {
     let (mut client, _) = setup(options).await;
 
-    let windows_version = valid_os_versions(&OsType::Windows)[0];
-    let android_version = valid_os_versions(&OsType::Android)[2];
+    let windows_version = WINDOWS_OS_VERSIONS[0];
+    let android_version = ANDROID_OS_VERSIONS[2];
 
     let filtered = EditDevicePosture {
         name: "Filtered posture".to_owned(),
@@ -400,14 +426,14 @@ async fn test_device_posture_list_filters_os_and_defguard(
         allow_prerelease_client: true,
         os_rules: vec![
             ApiOsRule::Windows {
-                min_os_version: Some(windows_version.to_owned()),
+                min_os_version: Some(windows_version),
                 disk_encryption_required: Some(true),
                 antivirus_required: Some(true),
                 ad_domain_joined_required: None,
                 windows_security_update_current: None,
             },
             ApiOsRule::Android {
-                min_os_version: Some(android_version.to_owned()),
+                min_os_version: Some(android_version),
                 device_integrity_required: Some(true),
             },
         ],
@@ -422,15 +448,21 @@ async fn test_device_posture_list_filters_os_and_defguard(
     let other = EditDevicePosture {
         name: "Other posture".to_owned(),
         description: None,
-        min_client_version: None,
+        min_client_version: Some(CLIENT_VERSIONS[0].to_owned()),
         allow_prerelease_client: false,
-        os_rules: vec![ApiOsRule::Windows {
-            min_os_version: Some(valid_os_versions(&OsType::Windows)[1].to_owned()),
-            disk_encryption_required: Some(false),
-            antivirus_required: Some(false),
-            ad_domain_joined_required: None,
-            windows_security_update_current: None,
-        }],
+        os_rules: vec![
+            ApiOsRule::Windows {
+                min_os_version: Some(windows_version),
+                disk_encryption_required: Some(true),
+                antivirus_required: Some(true),
+                ad_domain_joined_required: None,
+                windows_security_update_current: None,
+            },
+            ApiOsRule::Android {
+                min_os_version: Some(android_version),
+                device_integrity_required: Some(true),
+            },
+        ],
     };
     let response = client
         .post("/api/v1/device-posture")
@@ -440,9 +472,18 @@ async fn test_device_posture_list_filters_os_and_defguard(
     assert_eq!(response.status(), StatusCode::CREATED);
     client.drain_all_events();
 
+    let response = client
+        .get("/api/v1/device-posture?defguard=Pre-release%20allowed")
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::OK);
+    let page: PaginatedApiResponse<ApiDevicePosture> = response.json().await;
+    assert_eq!(page.data.len(), 1);
+    assert_eq!(page.data[0].name, "Filtered posture");
+
     let response = client
         .get(
-            "/api/v1/device-posture?windows=Windows%2010&windows=Disk%20encryption&windows=Antivirus&android=15&android=Device%20integrity&defguard=1.6&defguard=Prerelease%20allowed",
+            "/api/v1/device-posture?windows=10&windows=Disk%20encryption&windows=Antivirus&android=15&android=Device%20integrity&defguard=1.6&defguard=Pre-release%20allowed",
         )
         .send()
         .await;
@@ -456,8 +497,8 @@ async fn test_device_posture_list_filters_os_and_defguard(
 async fn test_device_posture_os_rules_create_and_get(_: PgPoolOptions, options: PgConnectOptions) {
     let (mut client, _) = setup(options).await;
 
-    let windows_version = valid_os_versions(&OsType::Windows)[0];
-    let macos_version = valid_os_versions(&OsType::Macos)[0];
+    let windows_version = WINDOWS_OS_VERSIONS[0];
+    let macos_version = MACOS_OS_VERSIONS[0];
 
     let edit = EditDevicePosture {
         name: "With Rules".to_owned(),
@@ -466,14 +507,14 @@ async fn test_device_posture_os_rules_create_and_get(_: PgPoolOptions, options:
         allow_prerelease_client: false,
         os_rules: vec![
             ApiOsRule::Windows {
-                min_os_version: Some(windows_version.to_owned()),
+                min_os_version: Some(windows_version),
                 disk_encryption_required: Some(true),
                 antivirus_required: Some(false),
                 ad_domain_joined_required: None,
                 windows_security_update_current: Some(true),
             },
             ApiOsRule::Macos {
-                min_os_version: Some(macos_version.to_owned()),
+                min_os_version: Some(macos_version),
                 disk_encryption_required: Some(true),
                 device_integrity_required: Some(true),
             },
@@ -661,7 +702,7 @@ async fn test_device_posture_os_rules_validation(_: PgPoolOptions, options: PgCo
         min_client_version: None,
         allow_prerelease_client: false,
         os_rules: vec![ApiOsRule::Windows {
-            min_os_version: Some("Windows 7".to_owned()),
+            min_os_version: Some(7),
             disk_encryption_required: None,
             antivirus_required: None,
             ad_domain_joined_required: None,
@@ -714,7 +755,7 @@ async fn test_device_posture_os_rules_validation(_: PgPoolOptions, options: PgCo
         min_client_version: None,
         allow_prerelease_client: false,
         os_rules: vec![ApiOsRule::Linux {
-            min_kernel_version: Some("4.x".to_owned()),
+            min_kernel_version: Some(4),
             disk_encryption_required: None,
         }],
     };
diff --git a/migrations/20260513122829_[2.1.0]_system_versions_to_numbers.down.sql b/migrations/20260513122829_[2.1.0]_system_versions_to_numbers.down.sql
new file mode 100644
index 000000000..43d7af0a6
--- /dev/null
+++ b/migrations/20260513122829_[2.1.0]_system_versions_to_numbers.down.sql
@@ -0,0 +1,5 @@
+ALTER TABLE device_posture_os_rule DROP COLUMN min_os_version;
+ALTER TABLE device_posture_os_rule ADD COLUMN min_os_version text;
+
+ALTER TABLE device_posture_os_rule DROP COLUMN min_kernel_version;
+ALTER TABLE device_posture_os_rule ADD COLUMN min_kernel_version text;
diff --git a/migrations/20260513122829_[2.1.0]_system_versions_to_numbers.up.sql b/migrations/20260513122829_[2.1.0]_system_versions_to_numbers.up.sql
new file mode 100644
index 000000000..ad68e928f
--- /dev/null
+++ b/migrations/20260513122829_[2.1.0]_system_versions_to_numbers.up.sql
@@ -0,0 +1,5 @@
+ALTER TABLE device_posture_os_rule DROP COLUMN min_os_version;
+ALTER TABLE device_posture_os_rule ADD COLUMN min_os_version integer;
+
+ALTER TABLE device_posture_os_rule DROP COLUMN min_kernel_version;
+ALTER TABLE device_posture_os_rule ADD COLUMN min_kernel_version integer;
diff --git a/web/biome.json b/web/biome.json
index bd43a3e51..94e6a383f 100644
--- a/web/biome.json
+++ b/web/biome.json
@@ -9,6 +9,7 @@
     "ignoreUnknown": false,
     "includes": [
       "src/**",
+      "tests/**",
       "!src/messages",
       "!src/paraglide/**/*.js",
       "!src/routeTree.gen.ts",
diff --git a/web/messages/en/components.json b/web/messages/en/components.json
index c674f4bd3..43547120e 100644
--- a/web/messages/en/components.json
+++ b/web/messages/en/components.json
@@ -180,6 +180,42 @@
   "posture_checks_empty_title": "No posture checks added yet.",
   "posture_checks_empty_subtitle": "Add your first posture check to enhance access security.",
   "posture_checks_button_add": "Add new posture check",
+  "posture_checks_wizard_title": "Add posture check",
+  "posture_checks_wizard_subtitle": "To activate localization, make sure at least one Edge component is connected.",
+  "posture_checks_wizard_step_operating_systems": "Operating systems",
+  "posture_checks_wizard_step_operating_systems_description": "Define who can connect to your network.",
+  "posture_checks_wizard_operating_systems_title": "Select allowed operating systems",
+  "posture_checks_wizard_operating_systems_subtitle": "Only systems that match the rules below will be allowed to connect. All other connection attempts will be automatically denied.",
+  "posture_checks_wizard_operating_systems_windows_security_updates": "Check security updates",
+  "posture_checks_wizard_operating_systems_windows_security_updates_description": "Require devices to have the latest security updates installed.",
+  "posture_checks_wizard_operating_systems_security_conditions": "Security conditions",
+  "posture_checks_wizard_operating_systems_security_conditions_description": "Optionally define additional parameters for access control.",
+  "posture_checks_wizard_operating_systems_condition_active_directory": "Connected to Active Directory",
+  "posture_checks_wizard_operating_systems_condition_antivirus": "Antivirus installed",
+  "posture_checks_wizard_operating_systems_condition_disk_encryption": "Disk encryption enabled",
+  "posture_checks_wizard_operating_systems_condition_device_integrity": "Device integrity enabled",
+  "posture_checks_wizard_summary_defguard_label": "Defguard",
+  "posture_checks_wizard_summary_defguard_version": "Defguard {version} and higher",
+  "posture_checks_wizard_summary_prerelease": "Allow pre-release versions of the Defguard client.",
+  "posture_checks_wizard_summary_linux_version": "Kernel {version} and higher",
+  "posture_checks_wizard_summary_ios_version": "iOS {version} and higher",
+  "posture_checks_wizard_summary_android_version": "Android {version} and higher",
+  "posture_checks_wizard_step_client_version": "Defguard client version",
+  "posture_checks_wizard_step_client_version_description": "Define what version of the Defguard client you would like to support",
+  "posture_checks_wizard_client_version_note": "\u201cDefguard versions\u201d includes major releases as well as all subsequent patch updates with fixes and improvements.",
+  "posture_checks_wizard_client_version_option": "{version} and higher",
+  "posture_checks_wizard_client_version_prerelease_title": "Allow users who run pre-release versions of the Defguard client to access the system.",
+  "posture_checks_wizard_client_version_prerelease_description": "If you want to allow access for users testing pre-release (non-stable) versions of the Defguard client, enable this option.",
+  "posture_checks_wizard_step_details": "Name and description",
+  "posture_checks_wizard_step_details_description": "Name your posture check.",
+  "posture_checks_wizard_details_note": "Provide a clear and descriptive name for the posture check policy that makes its purpose easy to understand when it is applied, along with an optional short description that explains the context and conditions of the rule (e.g., Windows 11 restrictions, minimum Defguard version 2.0).",
+  "posture_checks_wizard_details_description_optional_label": "Description (optional)",
+  "posture_checks_wizard_step_summary": "Summary",
+  "posture_checks_wizard_step_summary_description": "Check your posture check settings before submitting.",
+  "posture_checks_wizard_summary_banner": "Only systems matching the conditions below will be allowed to access the VPN once this posture check is assigned to a location. All users who do not meet these requirements will be denied access.",
+  "posture_checks_wizard_confirm_modal_title": "Prevent admin lockout",
+  "posture_checks_wizard_confirm_modal_content": "Before applying this posture check, please confirm that at least one System Administrator will still meet all the required conditions.\n\nIf no administrator meets these requirements, admin access to the system may be lost.",
+  "posture_checks_wizard_summary_submit": "Create posture check",
   "cmp_video_support_launcher": "Video support",
   "cmp_video_support_list_label": "Video support",
   "cmp_video_tutorials_overlay_error": "Video unavailable",
diff --git a/web/package.json b/web/package.json
index 835b341be..bdb92f4a0 100644
--- a/web/package.json
+++ b/web/package.json
@@ -8,8 +8,8 @@
     "build": "vite build && tsc -b",
     "preview": "vite preview",
     "biome": "biome",
-    "lint": "biome check ./src/ && prettier src/**/*.scss --check --log-level error && stylelint \"src/**/*.scss\" -c ./.stylelintrc.json && tsc -b",
-    "fix": "biome check ./src/ --write --unsafe && prettier src/**/*.scss -w --log-level silent",
+    "lint": "biome check ./src/ ./tests/ && prettier src/**/*.scss --check --log-level error && stylelint \"src/**/*.scss\" -c ./.stylelintrc.json && tsc -b",
+    "fix": "biome check ./src/ ./tests/ --write --unsafe && prettier src/**/*.scss -w --log-level silent",
     "tsc": "tsc",
     "test": "vitest run",
     "test:ui": "vitest --ui",
diff --git a/web/src/pages/AddPostureCheckWizardPage/AddPostureCheckWizardPage.tsx b/web/src/pages/AddPostureCheckWizardPage/AddPostureCheckWizardPage.tsx
new file mode 100644
index 000000000..47c32a98a
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/AddPostureCheckWizardPage.tsx
@@ -0,0 +1,93 @@
+import { useSuspenseQuery } from '@tanstack/react-query';
+import { useNavigate } from '@tanstack/react-router';
+import { type ReactNode, useCallback, useEffect, useMemo } from 'react';
+import { m } from '../../paraglide/messages';
+import type { WizardPageStep } from '../../shared/components/wizard/types';
+import { WizardPage } from '../../shared/components/wizard/WizardPage/WizardPage';
+import { getDevicePostureVersionMetadataQueryOptions } from '../../shared/query';
+import { closeAddPostureCheckWizard } from './navigation';
+import './style.scss';
+import { getPostureCheckVersionValues } from '../PostureChecksPage/types';
+import { AddPostureCheckClientVersionStep } from './steps/AddPostureCheckClientVersionStep';
+import { AddPostureCheckDetailsStep } from './steps/AddPostureCheckDetailsStep';
+import { AddPostureCheckOperatingSystemsStep } from './steps/AddPostureCheckOperatingSystemsStep';
+import { AddPostureCheckSummaryStep } from './steps/AddPostureCheckSummaryStep';
+import { AddPostureCheckWizardStep, type AddPostureCheckWizardStepValue } from './types';
+import { useAddPostureCheckWizardStore } from './useAddPostureCheckWizardStore';
+
+export const AddPostureCheckWizardPage = () => {
+  const activeStep = useAddPostureCheckWizardStore((s) => s.activeStep);
+  const syncVersionValues = useAddPostureCheckWizardStore((s) => s.syncVersionValues);
+  const navigate = useNavigate();
+  const { data: versionMetadata } = useSuspenseQuery(
+    getDevicePostureVersionMetadataQueryOptions,
+  );
+  const versionValues = useMemo(
+    () => getPostureCheckVersionValues(versionMetadata),
+    [versionMetadata],
+  );
+
+  useEffect(() => {
+    syncVersionValues(versionValues);
+  }, [syncVersionValues, versionValues]);
+
+  const onClose = useCallback(() => {
+    closeAddPostureCheckWizard(navigate);
+  }, [navigate]);
+
+  const steps = useMemo(
+    (): Record<AddPostureCheckWizardStepValue, ReactNode> => ({
+      [AddPostureCheckWizardStep.OperatingSystems]: (
+        <AddPostureCheckOperatingSystemsStep versionValues={versionValues} />
+      ),
+      [AddPostureCheckWizardStep.ClientVersion]: (
+        <AddPostureCheckClientVersionStep versionValues={versionValues} />
+      ),
+      [AddPostureCheckWizardStep.Details]: <AddPostureCheckDetailsStep />,
+      [AddPostureCheckWizardStep.Summary]: <AddPostureCheckSummaryStep />,
+    }),
+    [versionValues],
+  );
+
+  const stepsConfig = useMemo(
+    (): Record<AddPostureCheckWizardStepValue, WizardPageStep> => ({
+      [AddPostureCheckWizardStep.OperatingSystems]: {
+        id: AddPostureCheckWizardStep.OperatingSystems,
+        label: m.posture_checks_wizard_step_operating_systems(),
+        order: 0,
+        description: m.posture_checks_wizard_step_operating_systems_description(),
+      },
+      [AddPostureCheckWizardStep.ClientVersion]: {
+        id: AddPostureCheckWizardStep.ClientVersion,
+        label: m.posture_checks_wizard_step_client_version(),
+        order: 1,
+        description: m.posture_checks_wizard_step_client_version_description(),
+      },
+      [AddPostureCheckWizardStep.Details]: {
+        id: AddPostureCheckWizardStep.Details,
+        label: m.posture_checks_wizard_step_details(),
+        order: 2,
+        description: m.posture_checks_wizard_step_details_description(),
+      },
+      [AddPostureCheckWizardStep.Summary]: {
+        id: AddPostureCheckWizardStep.Summary,
+        label: m.posture_checks_wizard_step_summary(),
+        order: 3,
+        description: m.posture_checks_wizard_step_summary_description(),
+      },
+    }),
+    [],
+  );
+
+  return (
+    <WizardPage
+      activeStep={activeStep}
+      steps={stepsConfig}
+      title={m.posture_checks_wizard_title()}
+      subtitle={m.posture_checks_wizard_subtitle()}
+      onClose={onClose}
+    >
+      {steps[activeStep]}
+    </WizardPage>
+  );
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/navigation.ts b/web/src/pages/AddPostureCheckWizardPage/navigation.ts
new file mode 100644
index 000000000..c33a9d27f
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/navigation.ts
@@ -0,0 +1,12 @@
+import type { useNavigate } from '@tanstack/react-router';
+import { useAddPostureCheckWizardStore } from './useAddPostureCheckWizardStore';
+
+type NavigateFn = ReturnType<typeof useNavigate>;
+
+export const closeAddPostureCheckWizard = (navigate: NavigateFn) => {
+  void navigate({ to: '/acl/posture-checks', replace: true }).then(() => {
+    setTimeout(() => {
+      useAddPostureCheckWizardStore.getState().reset();
+    }, 100);
+  });
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/operatingSystemVersionLabels.ts b/web/src/pages/AddPostureCheckWizardPage/operatingSystemVersionLabels.ts
new file mode 100644
index 000000000..a96f385cd
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/operatingSystemVersionLabels.ts
@@ -0,0 +1,23 @@
+import { policyOsVariantToText } from '../../shared/utils/policyPostures';
+import {
+  PostureCheckOs,
+  type PostureCheckOsValue,
+  type PostureCheckOsVersionValue,
+} from '../PostureChecksPage/types';
+
+export const getOperatingSystemVersionOptionLabel = (
+  operatingSystem: PostureCheckOsValue,
+  value: PostureCheckOsVersionValue,
+) => {
+  switch (operatingSystem) {
+    case PostureCheckOs.Windows:
+    case PostureCheckOs.Macos:
+      return `${policyOsVariantToText(operatingSystem)} ${value} or higher`;
+    case PostureCheckOs.Linux:
+      return `Kernel ${value} or higher`;
+    case PostureCheckOs.Ios:
+      return `iOS ${value} or higher`;
+    case PostureCheckOs.Android:
+      return `Android ${value} or higher`;
+  }
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/payload.ts b/web/src/pages/AddPostureCheckWizardPage/payload.ts
new file mode 100644
index 000000000..d1a6c8873
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/payload.ts
@@ -0,0 +1,95 @@
+import type {
+  EditDevicePostureOsRule,
+  EditDevicePostureRequest,
+} from '../../shared/api/types';
+import {
+  type PostureCheckDefguardVersionValue,
+  PostureCheckOs,
+  type PostureCheckOsValue,
+} from '../PostureChecksPage/types';
+import type {
+  OperatingSystemConditionKey,
+  OperatingSystemFormState,
+} from './useAddPostureCheckWizardStore';
+
+type BuildAddPostureCheckRequestInput = {
+  allowPrereleaseClient: boolean;
+  configuredOperatingSystems: PostureCheckOsValue[];
+  description: string | null;
+  minimumClientVersion: PostureCheckDefguardVersionValue;
+  name: string;
+  operatingSystemState: Record<PostureCheckOsValue, OperatingSystemFormState>;
+};
+
+const hasCondition = (
+  conditions: OperatingSystemConditionKey[],
+  condition: OperatingSystemConditionKey,
+) => conditions.includes(condition);
+
+const buildOperatingSystemRule = (
+  operatingSystem: PostureCheckOsValue,
+  details: OperatingSystemFormState,
+): EditDevicePostureOsRule => {
+  switch (operatingSystem) {
+    case PostureCheckOs.Windows:
+      return {
+        os_type: PostureCheckOs.Windows,
+        min_os_version: details.version,
+        disk_encryption_required: hasCondition(details.conditions, 'disk-encryption')
+          ? true
+          : null,
+        antivirus_required: hasCondition(details.conditions, 'antivirus') ? true : null,
+        ad_domain_joined_required: hasCondition(details.conditions, 'active-directory')
+          ? true
+          : null,
+        windows_security_update_current: details.securityUpdates ? true : null,
+      };
+    case PostureCheckOs.Macos:
+      return {
+        os_type: PostureCheckOs.Macos,
+        min_os_version: details.version,
+        disk_encryption_required: hasCondition(details.conditions, 'disk-encryption')
+          ? true
+          : null,
+        device_integrity_required: hasCondition(details.conditions, 'device-integrity')
+          ? true
+          : null,
+      };
+    case PostureCheckOs.Linux:
+      return {
+        os_type: PostureCheckOs.Linux,
+        min_kernel_version: details.version,
+        disk_encryption_required: hasCondition(details.conditions, 'disk-encryption')
+          ? true
+          : null,
+      };
+    case PostureCheckOs.Ios:
+      return {
+        os_type: PostureCheckOs.Ios,
+        min_os_version: details.version,
+      };
+    case PostureCheckOs.Android:
+      return {
+        os_type: PostureCheckOs.Android,
+        min_os_version: details.version,
+        device_integrity_required: hasCondition(details.conditions, 'device-integrity')
+          ? true
+          : null,
+      };
+  }
+};
+
+export const buildAddPostureCheckRequest = (
+  input: BuildAddPostureCheckRequestInput,
+): EditDevicePostureRequest => ({
+  name: input.name,
+  description: input.description,
+  min_client_version: input.minimumClientVersion,
+  allow_prerelease_client: input.allowPrereleaseClient,
+  os_rules: input.configuredOperatingSystems.map((operatingSystem) =>
+    buildOperatingSystemRule(
+      operatingSystem,
+      input.operatingSystemState[operatingSystem],
+    ),
+  ),
+});
diff --git a/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckClientVersionStep.tsx b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckClientVersionStep.tsx
new file mode 100644
index 000000000..da58f0e43
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckClientVersionStep.tsx
@@ -0,0 +1,73 @@
+import { m } from '../../../paraglide/messages';
+import { Controls } from '../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
+import { AppText } from '../../../shared/defguard-ui/components/AppText/AppText';
+import { Button } from '../../../shared/defguard-ui/components/Button/Button';
+import { InteractiveBlock } from '../../../shared/defguard-ui/components/InteractiveBlock/InteractiveBlock';
+import { Select } from '../../../shared/defguard-ui/components/Select/Select';
+import { TextStyle, ThemeVariable } from '../../../shared/defguard-ui/types';
+import type { PostureCheckVersionValues } from '../../PostureChecksPage/types';
+import { useAddPostureCheckWizardStore } from '../useAddPostureCheckWizardStore';
+
+type Props = {
+  versionValues: PostureCheckVersionValues;
+};
+
+export const AddPostureCheckClientVersionStep = ({ versionValues }: Props) => {
+  const back = useAddPostureCheckWizardStore((s) => s.back);
+  const next = useAddPostureCheckWizardStore((s) => s.next);
+  const minimumClientVersion = useAddPostureCheckWizardStore(
+    (s) => s.minimumClientVersion,
+  );
+  const allowPrereleaseClient = useAddPostureCheckWizardStore(
+    (s) => s.allowPrereleaseClient,
+  );
+  const setMinimumClientVersion = useAddPostureCheckWizardStore(
+    (s) => s.setMinimumClientVersion,
+  );
+  const setAllowPrereleaseClient = useAddPostureCheckWizardStore(
+    (s) => s.setAllowPrereleaseClient,
+  );
+
+  const versionOptions = versionValues.defguard.map((version) => ({
+    key: version,
+    label: m.posture_checks_wizard_client_version_option({ version }),
+    value: version,
+  }));
+
+  const selectedVersion =
+    versionOptions.find((option) => option.value === minimumClientVersion) ??
+    versionOptions[versionOptions.length - 1];
+
+  return (
+    <WizardCard className="add-posture-check-client-version-step">
+      <div className="client-version-track">
+        <AppText font={TextStyle.TBodySm400} color={ThemeVariable.FgMuted}>
+          {m.posture_checks_wizard_client_version_note()}
+        </AppText>
+        <Select
+          options={versionOptions}
+          value={selectedVersion}
+          onChange={(option) => {
+            setMinimumClientVersion(option.value);
+          }}
+        />
+        <InteractiveBlock
+          variant="checkbox"
+          value={allowPrereleaseClient}
+          title={m.posture_checks_wizard_client_version_prerelease_title()}
+          content={m.posture_checks_wizard_client_version_prerelease_description()}
+          onClick={() => {
+            setAllowPrereleaseClient(!allowPrereleaseClient);
+          }}
+        />
+      </div>
+      <Controls>
+        <Button text={m.controls_back()} variant="outlined" onClick={back} />
+        <div className="right">
+          <Button text={m.controls_continue()} onClick={next} />
+        </div>
+      </Controls>
+    </WizardCard>
+  );
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckDetailsStep.tsx b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckDetailsStep.tsx
new file mode 100644
index 000000000..678ca0e8a
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckDetailsStep.tsx
@@ -0,0 +1,49 @@
+import { m } from '../../../paraglide/messages';
+import { Controls } from '../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
+import { AppText } from '../../../shared/defguard-ui/components/AppText/AppText';
+import { Button } from '../../../shared/defguard-ui/components/Button/Button';
+import { Input } from '../../../shared/defguard-ui/components/Input/Input';
+import { Textarea } from '../../../shared/defguard-ui/components/Textarea/Textarea';
+import { TextStyle, ThemeVariable } from '../../../shared/defguard-ui/types';
+import { useAddPostureCheckWizardStore } from '../useAddPostureCheckWizardStore';
+
+export const AddPostureCheckDetailsStep = () => {
+  const back = useAddPostureCheckWizardStore((s) => s.back);
+  const description = useAddPostureCheckWizardStore((s) => s.description);
+  const name = useAddPostureCheckWizardStore((s) => s.name);
+  const next = useAddPostureCheckWizardStore((s) => s.next);
+  const setDescription = useAddPostureCheckWizardStore((s) => s.setDescription);
+  const setName = useAddPostureCheckWizardStore((s) => s.setName);
+
+  return (
+    <WizardCard className="add-posture-check-details-step">
+      <div className="details-track">
+        <AppText font={TextStyle.TBodySm400} color={ThemeVariable.FgMuted}>
+          {m.posture_checks_wizard_details_note()}
+        </AppText>
+        <div className="details-fields">
+          <Input
+            required
+            label={m.form_label_name()}
+            value={name}
+            onChange={(value) => {
+              setName(String(value ?? ''));
+            }}
+          />
+          <Textarea
+            label={m.posture_checks_wizard_details_description_optional_label()}
+            value={description}
+            onChange={setDescription}
+          />
+        </div>
+      </div>
+      <Controls>
+        <Button text={m.controls_back()} variant="outlined" onClick={back} />
+        <div className="right">
+          <Button text={m.controls_continue()} onClick={next} />
+        </div>
+      </Controls>
+    </WizardCard>
+  );
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckOperatingSystemsStep.tsx b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckOperatingSystemsStep.tsx
new file mode 100644
index 000000000..367eb4843
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckOperatingSystemsStep.tsx
@@ -0,0 +1,232 @@
+import { m } from '../../../paraglide/messages';
+import { Controls } from '../../../shared/components/Controls/Controls';
+import { PolicyOsCard } from '../../../shared/components/policyPostures/PolicyOsCard/PolicyOsCard';
+import { SystemSelector } from '../../../shared/components/SystemSelector/SystemSelector';
+import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
+import { AppText } from '../../../shared/defguard-ui/components/AppText/AppText';
+import { Button } from '../../../shared/defguard-ui/components/Button/Button';
+import { Checkbox } from '../../../shared/defguard-ui/components/Checkbox/Checkbox';
+import { Divider } from '../../../shared/defguard-ui/components/Divider/Divider';
+import { FieldLabel } from '../../../shared/defguard-ui/components/FieldLabel/FieldLabel';
+import { InteractiveBlock } from '../../../shared/defguard-ui/components/InteractiveBlock/InteractiveBlock';
+import { Select } from '../../../shared/defguard-ui/components/Select/Select';
+import type { SelectOption } from '../../../shared/defguard-ui/components/Select/types';
+import { TextStyle, ThemeVariable } from '../../../shared/defguard-ui/types';
+import {
+  PostureCheckOs,
+  type PostureCheckOsValue,
+  type PostureCheckOsVersionValue,
+  type PostureCheckVersionValues,
+} from '../../PostureChecksPage/types';
+import { getOperatingSystemVersionOptionLabel } from '../operatingSystemVersionLabels';
+import { addPostureCheckOperatingSystems } from '../types';
+import {
+  type OperatingSystemConditionKey,
+  useAddPostureCheckWizardStore,
+} from '../useAddPostureCheckWizardStore';
+
+type Props = {
+  versionValues: PostureCheckVersionValues;
+};
+
+type ConditionDefinition = {
+  helperText?: string;
+  id: OperatingSystemConditionKey;
+  label: string;
+};
+
+export const AddPostureCheckOperatingSystemsStep = ({ versionValues }: Props) => {
+  const next = useAddPostureCheckWizardStore((s) => s.next);
+  const configuredOperatingSystems = useAddPostureCheckWizardStore(
+    (s) => s.configuredOperatingSystems,
+  );
+  const addConfiguredOperatingSystem = useAddPostureCheckWizardStore(
+    (s) => s.addConfiguredOperatingSystem,
+  );
+  const removeConfiguredOperatingSystem = useAddPostureCheckWizardStore(
+    (s) => s.removeConfiguredOperatingSystem,
+  );
+  const operatingSystemState = useAddPostureCheckWizardStore(
+    (s) => s.operatingSystemState,
+  );
+  const updateOperatingSystemDetails = useAddPostureCheckWizardStore(
+    (s) => s.updateOperatingSystemDetails,
+  );
+
+  const conditionDefinitions: Record<PostureCheckOsValue, ConditionDefinition[]> = {
+    [PostureCheckOs.Windows]: [
+      {
+        id: 'active-directory',
+        label: m.posture_checks_wizard_operating_systems_condition_active_directory(),
+      },
+      {
+        id: 'antivirus',
+        label: m.posture_checks_wizard_operating_systems_condition_antivirus(),
+      },
+      {
+        id: 'disk-encryption',
+        label: m.posture_checks_wizard_operating_systems_condition_disk_encryption(),
+      },
+    ],
+    [PostureCheckOs.Macos]: [
+      {
+        id: 'disk-encryption',
+        label: m.posture_checks_wizard_operating_systems_condition_disk_encryption(),
+      },
+      {
+        id: 'device-integrity',
+        label: m.posture_checks_wizard_operating_systems_condition_device_integrity(),
+      },
+    ],
+    [PostureCheckOs.Linux]: [
+      {
+        id: 'disk-encryption',
+        label: m.posture_checks_wizard_operating_systems_condition_disk_encryption(),
+      },
+    ],
+    [PostureCheckOs.Ios]: [],
+    [PostureCheckOs.Android]: [
+      {
+        id: 'device-integrity',
+        label: m.posture_checks_wizard_operating_systems_condition_device_integrity(),
+      },
+    ],
+  };
+
+  const getVersionOptions = (
+    operatingSystem: PostureCheckOsValue,
+  ): SelectOption<PostureCheckOsVersionValue>[] =>
+    versionValues[operatingSystem].map((value) => ({
+      key: value,
+      label: getOperatingSystemVersionOptionLabel(operatingSystem, value),
+      value,
+    }));
+
+  const toggleCondition = (
+    operatingSystem: PostureCheckOsValue,
+    condition: OperatingSystemConditionKey,
+  ) => {
+    const nextConditions = operatingSystemState[operatingSystem].conditions.includes(
+      condition,
+    )
+      ? operatingSystemState[operatingSystem].conditions.filter(
+          (value) => value !== condition,
+        )
+      : [...operatingSystemState[operatingSystem].conditions, condition];
+
+    updateOperatingSystemDetails(operatingSystem, {
+      conditions: nextConditions,
+    });
+  };
+
+  const renderOperatingSystemCard = (operatingSystem: PostureCheckOsValue) => {
+    const versionOptions = getVersionOptions(operatingSystem);
+    const details = operatingSystemState[operatingSystem];
+    const selectedVersion =
+      versionOptions.find((option) => option.value === details.version) ??
+      versionOptions[0];
+    const conditions = conditionDefinitions[operatingSystem];
+    const showWindowsSecurityUpdate = operatingSystem === PostureCheckOs.Windows;
+
+    return (
+      <PolicyOsCard
+        os={operatingSystem}
+        onDiscard={() => {
+          removeConfiguredOperatingSystem(operatingSystem);
+        }}
+      >
+        <div className="system-details">
+          <Select
+            options={versionOptions}
+            value={selectedVersion}
+            onChange={(option) => {
+              updateOperatingSystemDetails(operatingSystem, {
+                version: option.value,
+              });
+            }}
+          />
+          {showWindowsSecurityUpdate && (
+            <InteractiveBlock
+              variant="checkbox"
+              value={details.securityUpdates}
+              title={m.posture_checks_wizard_operating_systems_windows_security_updates()}
+              content={m.posture_checks_wizard_operating_systems_windows_security_updates_description()}
+              onClick={() => {
+                updateOperatingSystemDetails(operatingSystem, {
+                  securityUpdates: !details.securityUpdates,
+                });
+              }}
+            />
+          )}
+          {showWindowsSecurityUpdate && conditions.length > 0 && <Divider />}
+          {conditions.length > 0 && (
+            <div className="system-conditions">
+              <div className="section-text">
+                <AppText font={TextStyle.TBodySm500}>
+                  {m.posture_checks_wizard_operating_systems_security_conditions()}
+                </AppText>
+                <AppText font={TextStyle.TBodySm400} color={ThemeVariable.FgMuted}>
+                  {m.posture_checks_wizard_operating_systems_security_conditions_description()}
+                </AppText>
+              </div>
+              <div className="condition-list">
+                {conditions.map((condition) => (
+                  <Checkbox
+                    key={condition.id}
+                    active={details.conditions.includes(condition.id)}
+                    text={condition.helperText ? undefined : condition.label}
+                    onClick={() => {
+                      toggleCondition(operatingSystem, condition.id);
+                    }}
+                  >
+                    {condition.helperText && (
+                      <FieldLabel text={condition.label} helper={condition.helperText} />
+                    )}
+                  </Checkbox>
+                ))}
+              </div>
+            </div>
+          )}
+        </div>
+      </PolicyOsCard>
+    );
+  };
+
+  const visibleSystemSelectors = addPostureCheckOperatingSystems.filter(
+    (operatingSystem) => !configuredOperatingSystems.includes(operatingSystem),
+  );
+
+  return (
+    <WizardCard className="add-posture-check-operating-systems-step">
+      <div className="content-track">
+        <div className="copy-block">
+          <AppText font={TextStyle.TBodySm500}>
+            {m.posture_checks_wizard_operating_systems_title()}
+          </AppText>
+          <AppText font={TextStyle.TBodySm400} color={ThemeVariable.FgMuted}>
+            {m.posture_checks_wizard_operating_systems_subtitle()}
+          </AppText>
+        </div>
+        {configuredOperatingSystems.map((operatingSystem) =>
+          renderOperatingSystemCard(operatingSystem),
+        )}
+        <div className="systems-list">
+          {visibleSystemSelectors.map((operatingSystem) => (
+            <SystemSelector
+              key={operatingSystem}
+              os={operatingSystem}
+              onClick={() => {
+                addConfiguredOperatingSystem(operatingSystem);
+              }}
+            />
+          ))}
+        </div>
+      </div>
+      <Controls>
+        <div className="right">
+          <Button text={m.controls_continue()} onClick={next} />
+        </div>
+      </Controls>
+    </WizardCard>
+  );
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckSummaryStep.tsx b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckSummaryStep.tsx
new file mode 100644
index 000000000..2f72b5509
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/steps/AddPostureCheckSummaryStep.tsx
@@ -0,0 +1,126 @@
+import { useNavigate } from '@tanstack/react-router';
+import { Fragment } from 'react';
+import { m } from '../../../paraglide/messages';
+import api from '../../../shared/api/api';
+import { Controls } from '../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
+import { AppText } from '../../../shared/defguard-ui/components/AppText/AppText';
+import { Button } from '../../../shared/defguard-ui/components/Button/Button';
+import { Divider } from '../../../shared/defguard-ui/components/Divider/Divider';
+import { Icon } from '../../../shared/defguard-ui/components/Icon';
+import { InfoBanner } from '../../../shared/defguard-ui/components/InfoBanner/InfoBanner';
+import { TextStyle, ThemeVariable } from '../../../shared/defguard-ui/types';
+import { openModal } from '../../../shared/hooks/modalControls/modalsSubjects';
+import { ModalName } from '../../../shared/hooks/modalControls/modalTypes';
+import { closeAddPostureCheckWizard } from '../navigation';
+import { buildAddPostureCheckRequest } from '../payload';
+import {
+  buildClientSummarySection,
+  buildOperatingSystemSummarySection,
+} from '../summary';
+import { useAddPostureCheckWizardStore } from '../useAddPostureCheckWizardStore';
+
+export const AddPostureCheckSummaryStep = () => {
+  const back = useAddPostureCheckWizardStore((s) => s.back);
+  const description = useAddPostureCheckWizardStore((s) => s.description);
+  const configuredOperatingSystems = useAddPostureCheckWizardStore(
+    (s) => s.configuredOperatingSystems,
+  );
+  const minimumClientVersion = useAddPostureCheckWizardStore(
+    (s) => s.minimumClientVersion,
+  );
+  const allowPrereleaseClient = useAddPostureCheckWizardStore(
+    (s) => s.allowPrereleaseClient,
+  );
+  const name = useAddPostureCheckWizardStore((s) => s.name);
+  const operatingSystemState = useAddPostureCheckWizardStore(
+    (s) => s.operatingSystemState,
+  );
+  const navigate = useNavigate();
+
+  const requestData = buildAddPostureCheckRequest({
+    allowPrereleaseClient,
+    configuredOperatingSystems,
+    description,
+    minimumClientVersion,
+    name,
+    operatingSystemState,
+  });
+
+  const sections = [
+    ...configuredOperatingSystems.map((operatingSystem) =>
+      buildOperatingSystemSummarySection(
+        operatingSystem,
+        operatingSystemState[operatingSystem],
+      ),
+    ),
+    buildClientSummarySection(minimumClientVersion, allowPrereleaseClient),
+  ];
+
+  return (
+    <WizardCard className="add-posture-check-summary-step">
+      <div className="summary-track">
+        <InfoBanner
+          icon="info-outlined"
+          text={m.posture_checks_wizard_summary_banner()}
+        />
+        <div className="summary-sections">
+          {sections.map((section, index) => (
+            <Fragment key={section.label}>
+              <div className="summary-row">
+                <div className="summary-heading">
+                  <Icon icon={section.icon} size={16} />
+                  <AppText font={TextStyle.TBodySm400} color={ThemeVariable.FgNeutral}>
+                    {section.label}
+                  </AppText>
+                </div>
+                <div className="summary-lines">
+                  {section.lines.map((line) => (
+                    <div className="summary-line" key={line.text}>
+                      <Icon icon="status-check" size={16} />
+                      <AppText
+                        font={
+                          line.emphasized ? TextStyle.TBodySm500 : TextStyle.TBodySm400
+                        }
+                        color={
+                          line.emphasized
+                            ? ThemeVariable.FgDefault
+                            : ThemeVariable.FgFaded
+                        }
+                      >
+                        {line.text}
+                      </AppText>
+                    </div>
+                  ))}
+                </div>
+              </div>
+              {index < sections.length - 1 && <Divider />}
+            </Fragment>
+          ))}
+        </div>
+      </div>
+      <Controls>
+        <Button text={m.controls_back()} variant="outlined" onClick={back} />
+        <div className="right">
+          <Button
+            text={m.posture_checks_wizard_summary_submit()}
+            onClick={() => {
+              openModal(ModalName.ConfirmAction, {
+                title: m.posture_checks_wizard_confirm_modal_title(),
+                contentMd: m.posture_checks_wizard_confirm_modal_content(),
+                actionPromise: () => api.devicePosture.addDevicePosture(requestData),
+                invalidateKeys: [['device-posture']],
+                submitProps: {
+                  text: m.posture_checks_wizard_summary_submit(),
+                },
+                onSuccess: () => {
+                  closeAddPostureCheckWizard(navigate);
+                },
+              });
+            }}
+          />
+        </div>
+      </Controls>
+    </WizardCard>
+  );
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/style.scss b/web/src/pages/AddPostureCheckWizardPage/style.scss
new file mode 100644
index 000000000..70cbc353a
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/style.scss
@@ -0,0 +1,141 @@
+.add-posture-check-operating-systems-step {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing-3xl);
+
+  .content-track {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-2xl);
+  }
+
+  .copy-block {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-xs);
+    max-width: 42rem;
+  }
+
+  .systems-list {
+    display: flex;
+    flex-flow: row wrap;
+    gap: var(--spacing-md);
+  }
+
+  .system-details {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-xl);
+  }
+
+  .section-text {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-xs);
+  }
+
+  .system-conditions {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-xl);
+  }
+
+  .condition-list {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-md);
+
+    .checkbox > .track.with-custom-label {
+      align-items: center;
+    }
+
+    .field-label {
+      padding-bottom: 0;
+      font: var(--t-body-sm-400);
+      color: var(--fg-default);
+
+      > span {
+        padding-left: 0;
+      }
+    }
+  }
+}
+
+.add-posture-check-client-version-step {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing-3xl);
+
+  .client-version-track {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-2xl);
+  }
+}
+
+.add-posture-check-details-step {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing-3xl);
+
+  .details-track,
+  .details-fields {
+    display: flex;
+    flex-direction: column;
+  }
+
+  .details-track {
+    gap: var(--spacing-xl);
+  }
+
+  .details-fields {
+    gap: var(--spacing-xl);
+  }
+}
+
+.add-posture-check-summary-step {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing-3xl);
+
+  .summary-track,
+  .summary-sections,
+  .summary-lines {
+    display: flex;
+    flex-direction: column;
+  }
+
+  .summary-track {
+    gap: var(--spacing-2xl);
+  }
+
+  .summary-sections {
+    gap: var(--spacing-xl);
+  }
+
+  .summary-row {
+    display: grid;
+    grid-template-columns: minmax(8rem, 10rem) minmax(0, 1fr);
+    gap: var(--spacing-md);
+    align-items: start;
+  }
+
+  .summary-heading,
+  .summary-line {
+    display: flex;
+  }
+
+  .summary-heading {
+    gap: var(--spacing-md);
+    align-items: center;
+  }
+
+  .summary-lines {
+    gap: var(--spacing-sm);
+  }
+
+  .summary-line {
+    gap: var(--spacing-sm);
+    align-items: flex-start;
+  }
+}
diff --git a/web/src/pages/AddPostureCheckWizardPage/summary.ts b/web/src/pages/AddPostureCheckWizardPage/summary.ts
new file mode 100644
index 000000000..d26650c30
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/summary.ts
@@ -0,0 +1,108 @@
+import { m } from '../../paraglide/messages';
+import type { IconKindValue } from '../../shared/defguard-ui/components/Icon';
+import {
+  policyOsVariantToIcon,
+  policyOsVariantToText,
+} from '../../shared/utils/policyPostures';
+import {
+  type PostureCheckDefguardVersionValue,
+  PostureCheckOs,
+  type PostureCheckOsValue,
+  type PostureCheckOsVersionValue,
+} from '../PostureChecksPage/types';
+import type {
+  OperatingSystemConditionKey,
+  OperatingSystemFormState,
+} from './useAddPostureCheckWizardStore';
+
+export type SummaryLine = {
+  text: string;
+  emphasized?: boolean;
+};
+
+export type SummarySection = {
+  icon: IconKindValue;
+  label: string;
+  lines: SummaryLine[];
+};
+
+const getConditionLabel = (condition: OperatingSystemConditionKey) => {
+  switch (condition) {
+    case 'active-directory':
+      return m.posture_checks_wizard_operating_systems_condition_active_directory();
+    case 'antivirus':
+      return m.posture_checks_wizard_operating_systems_condition_antivirus();
+    case 'device-integrity':
+      return m.posture_checks_wizard_operating_systems_condition_device_integrity();
+    case 'disk-encryption':
+      return m.posture_checks_wizard_operating_systems_condition_disk_encryption();
+    case 'pre-release':
+      return m.posture_checks_wizard_summary_prerelease();
+  }
+};
+
+const getOperatingSystemVersionLabel = (
+  operatingSystem: PostureCheckOsValue,
+  version: PostureCheckOsVersionValue,
+) => {
+  switch (operatingSystem) {
+    case PostureCheckOs.Windows:
+      return m.posture_checks_wizard_client_version_option({ version });
+    case PostureCheckOs.Macos:
+      return m.posture_checks_wizard_client_version_option({ version });
+    case PostureCheckOs.Linux:
+      return m.posture_checks_wizard_summary_linux_version({ version });
+    case PostureCheckOs.Ios:
+      return m.posture_checks_wizard_summary_ios_version({ version });
+    case PostureCheckOs.Android:
+      return m.posture_checks_wizard_summary_android_version({ version });
+  }
+};
+
+export const buildOperatingSystemSummarySection = (
+  operatingSystem: PostureCheckOsValue,
+  details: OperatingSystemFormState,
+): SummarySection => {
+  const lines: SummaryLine[] = [];
+
+  if (details.version !== null) {
+    lines.push({
+      text: getOperatingSystemVersionLabel(operatingSystem, details.version),
+      emphasized: true,
+    });
+  }
+
+  details.conditions.forEach((condition) => {
+    lines.push({ text: getConditionLabel(condition) });
+  });
+
+  return {
+    icon: policyOsVariantToIcon(operatingSystem),
+    label: policyOsVariantToText(operatingSystem),
+    lines,
+  };
+};
+
+export const buildClientSummarySection = (
+  minimumClientVersion: PostureCheckDefguardVersionValue,
+  allowPrereleaseClient: boolean,
+): SummarySection => {
+  const lines: SummaryLine[] = [
+    {
+      text: m.posture_checks_wizard_summary_defguard_version({
+        version: minimumClientVersion,
+      }),
+      emphasized: true,
+    },
+  ];
+
+  if (allowPrereleaseClient) {
+    lines.push({ text: getConditionLabel('pre-release') });
+  }
+
+  return {
+    icon: 'defguard',
+    label: m.posture_checks_wizard_summary_defguard_label(),
+    lines,
+  };
+};
diff --git a/web/src/pages/AddPostureCheckWizardPage/types.ts b/web/src/pages/AddPostureCheckWizardPage/types.ts
new file mode 100644
index 000000000..bd7ed3afb
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/types.ts
@@ -0,0 +1,26 @@
+import { PostureCheckOs, type PostureCheckOsValue } from '../PostureChecksPage/types';
+
+export const AddPostureCheckWizardStep = {
+  OperatingSystems: 'operating-systems',
+  ClientVersion: 'client-version',
+  Details: 'details',
+  Summary: 'summary',
+} as const;
+
+export type AddPostureCheckWizardStepValue =
+  (typeof AddPostureCheckWizardStep)[keyof typeof AddPostureCheckWizardStep];
+
+export const addPostureCheckWizardStepOrder: AddPostureCheckWizardStepValue[] = [
+  AddPostureCheckWizardStep.OperatingSystems,
+  AddPostureCheckWizardStep.ClientVersion,
+  AddPostureCheckWizardStep.Details,
+  AddPostureCheckWizardStep.Summary,
+];
+
+export const addPostureCheckOperatingSystems: PostureCheckOsValue[] = [
+  PostureCheckOs.Windows,
+  PostureCheckOs.Macos,
+  PostureCheckOs.Linux,
+  PostureCheckOs.Ios,
+  PostureCheckOs.Android,
+];
diff --git a/web/src/pages/AddPostureCheckWizardPage/useAddPostureCheckWizardStore.ts b/web/src/pages/AddPostureCheckWizardPage/useAddPostureCheckWizardStore.ts
new file mode 100644
index 000000000..9ab6c118c
--- /dev/null
+++ b/web/src/pages/AddPostureCheckWizardPage/useAddPostureCheckWizardStore.ts
@@ -0,0 +1,221 @@
+import { create } from 'zustand';
+import { isPresent } from '../../shared/defguard-ui/utils/isPresent';
+import {
+  type PostureCheckDefguardVersionValue,
+  PostureCheckOs,
+  type PostureCheckOsValue,
+  type PostureCheckOsVersionValue,
+  type PostureCheckVersionValues,
+} from '../PostureChecksPage/types';
+import {
+  AddPostureCheckWizardStep,
+  type AddPostureCheckWizardStepValue,
+  addPostureCheckWizardStepOrder,
+} from './types';
+
+export type OperatingSystemConditionKey =
+  | 'active-directory'
+  | 'antivirus'
+  | 'disk-encryption'
+  | 'device-integrity'
+  | 'pre-release';
+
+export type OperatingSystemFormState = {
+  conditions: OperatingSystemConditionKey[];
+  securityUpdates: boolean;
+  version: PostureCheckOsVersionValue | null;
+};
+
+const getCurrentOrLatestVersion = <T extends string | number>(
+  values: readonly T[],
+  currentValue?: T | null,
+): T | null => {
+  if (isPresent(currentValue) && values.includes(currentValue)) {
+    return currentValue;
+  }
+
+  return values[values.length - 1] ?? currentValue ?? null;
+};
+
+const emptyPostureCheckVersionValues: PostureCheckVersionValues = {
+  windows: [],
+  macos: [],
+  linux: [],
+  ios: [],
+  android: [],
+  defguard: [],
+};
+
+const createDefaultOperatingSystemState = (
+  versionValues: PostureCheckVersionValues,
+): Record<PostureCheckOsValue, OperatingSystemFormState> => ({
+  [PostureCheckOs.Windows]: {
+    conditions: [],
+    securityUpdates: false,
+    version: getCurrentOrLatestVersion(versionValues.windows),
+  },
+  [PostureCheckOs.Macos]: {
+    conditions: [],
+    securityUpdates: false,
+    version: getCurrentOrLatestVersion(versionValues.macos),
+  },
+  [PostureCheckOs.Linux]: {
+    conditions: [],
+    securityUpdates: false,
+    version: getCurrentOrLatestVersion(versionValues.linux),
+  },
+  [PostureCheckOs.Ios]: {
+    conditions: [],
+    securityUpdates: false,
+    version: getCurrentOrLatestVersion(versionValues.ios),
+  },
+  [PostureCheckOs.Android]: {
+    conditions: [],
+    securityUpdates: false,
+    version: getCurrentOrLatestVersion(versionValues.android),
+  },
+});
+
+const createDefaultState = (versionValues: PostureCheckVersionValues): StoreValues => ({
+  activeStep: AddPostureCheckWizardStep.OperatingSystems,
+  allowPrereleaseClient: false,
+  configuredOperatingSystems: [],
+  description: null,
+  minimumClientVersion: getCurrentOrLatestVersion(versionValues.defguard) ?? '',
+  name: '',
+  operatingSystemState: createDefaultOperatingSystemState(versionValues),
+  availableVersionValues: versionValues,
+});
+
+interface StoreValues {
+  activeStep: AddPostureCheckWizardStepValue;
+  configuredOperatingSystems: PostureCheckOsValue[];
+  allowPrereleaseClient: boolean;
+  description: string | null;
+  minimumClientVersion: PostureCheckDefguardVersionValue;
+  name: string;
+  operatingSystemState: Record<PostureCheckOsValue, OperatingSystemFormState>;
+  availableVersionValues: PostureCheckVersionValues;
+}
+
+interface Store extends StoreValues {
+  addConfiguredOperatingSystem: (value: PostureCheckOsValue) => void;
+  removeConfiguredOperatingSystem: (value: PostureCheckOsValue) => void;
+  reset: () => void;
+  next: () => void;
+  back: () => void;
+  syncVersionValues: (versionValues: PostureCheckVersionValues) => void;
+  setDescription: (value: string | null) => void;
+  setAllowPrereleaseClient: (value: boolean) => void;
+  setMinimumClientVersion: (value: PostureCheckDefguardVersionValue) => void;
+  setName: (value: string) => void;
+  updateOperatingSystemDetails: (
+    operatingSystem: PostureCheckOsValue,
+    values: Partial<OperatingSystemFormState>,
+  ) => void;
+}
+
+export const useAddPostureCheckWizardStore = create<Store>()((set, get) => ({
+  ...createDefaultState(emptyPostureCheckVersionValues),
+  reset: () => set(createDefaultState(get().availableVersionValues)),
+  syncVersionValues: (versionValues) => {
+    set((state) => ({
+      availableVersionValues: versionValues,
+      minimumClientVersion:
+        getCurrentOrLatestVersion(versionValues.defguard, state.minimumClientVersion) ??
+        '',
+      operatingSystemState: {
+        [PostureCheckOs.Windows]: {
+          ...state.operatingSystemState[PostureCheckOs.Windows],
+          version: getCurrentOrLatestVersion(
+            versionValues.windows,
+            state.operatingSystemState[PostureCheckOs.Windows].version,
+          ),
+        },
+        [PostureCheckOs.Macos]: {
+          ...state.operatingSystemState[PostureCheckOs.Macos],
+          version: getCurrentOrLatestVersion(
+            versionValues.macos,
+            state.operatingSystemState[PostureCheckOs.Macos].version,
+          ),
+        },
+        [PostureCheckOs.Linux]: {
+          ...state.operatingSystemState[PostureCheckOs.Linux],
+          version: getCurrentOrLatestVersion(
+            versionValues.linux,
+            state.operatingSystemState[PostureCheckOs.Linux].version,
+          ),
+        },
+        [PostureCheckOs.Ios]: {
+          ...state.operatingSystemState[PostureCheckOs.Ios],
+          version: getCurrentOrLatestVersion(
+            versionValues.ios,
+            state.operatingSystemState[PostureCheckOs.Ios].version,
+          ),
+        },
+        [PostureCheckOs.Android]: {
+          ...state.operatingSystemState[PostureCheckOs.Android],
+          version: getCurrentOrLatestVersion(
+            versionValues.android,
+            state.operatingSystemState[PostureCheckOs.Android].version,
+          ),
+        },
+      },
+    }));
+  },
+  addConfiguredOperatingSystem: (value) => {
+    if (get().configuredOperatingSystems.includes(value)) {
+      return;
+    }
+
+    set({
+      configuredOperatingSystems: [...get().configuredOperatingSystems, value],
+    });
+  },
+  removeConfiguredOperatingSystem: (value) => {
+    set({
+      configuredOperatingSystems: get().configuredOperatingSystems.filter(
+        (configuredOperatingSystem) => configuredOperatingSystem !== value,
+      ),
+    });
+  },
+  next: () => {
+    const currentIndex = addPostureCheckWizardStepOrder.indexOf(get().activeStep);
+    const nextStep = addPostureCheckWizardStepOrder[currentIndex + 1];
+
+    if (nextStep) {
+      set({ activeStep: nextStep });
+    }
+  },
+  back: () => {
+    const currentIndex = addPostureCheckWizardStepOrder.indexOf(get().activeStep);
+    const previousStep = addPostureCheckWizardStepOrder[currentIndex - 1];
+
+    if (previousStep) {
+      set({ activeStep: previousStep });
+    }
+  },
+  setAllowPrereleaseClient: (value) => {
+    set({ allowPrereleaseClient: value });
+  },
+  setDescription: (value) => {
+    set({ description: value });
+  },
+  setMinimumClientVersion: (value) => {
+    set({ minimumClientVersion: value });
+  },
+  setName: (value) => {
+    set({ name: value });
+  },
+  updateOperatingSystemDetails: (operatingSystem, values) => {
+    set((state) => ({
+      operatingSystemState: {
+        ...state.operatingSystemState,
+        [operatingSystem]: {
+          ...state.operatingSystemState[operatingSystem],
+          ...values,
+        },
+      },
+    }));
+  },
+}));
diff --git a/web/src/pages/PostureChecksPage/PostureChecksPage.tsx b/web/src/pages/PostureChecksPage/PostureChecksPage.tsx
index 3fd40f4fa..0e2cc2ea4 100644
--- a/web/src/pages/PostureChecksPage/PostureChecksPage.tsx
+++ b/web/src/pages/PostureChecksPage/PostureChecksPage.tsx
@@ -1,4 +1,5 @@
 import { useInfiniteQuery, useSuspenseQuery } from '@tanstack/react-query';
+import { useNavigate } from '@tanstack/react-router';
 import type { ColumnFiltersState } from '@tanstack/react-table';
 import { Suspense, useMemo, useState } from 'react';
 import { m } from '../../paraglide/messages';
@@ -10,16 +11,19 @@ import { EmptyStateFlexible } from '../../shared/defguard-ui/components/EmptySta
 import { SizedBox } from '../../shared/defguard-ui/components/SizedBox/SizedBox';
 import { ThemeSpacing } from '../../shared/defguard-ui/types';
 import { TablePageLayout } from '../../shared/layout/TablePageLayout/TablePageLayout';
-import { getLicenseInfoQueryOptions } from '../../shared/query';
+import {
+  getDevicePostureVersionMetadataQueryOptions,
+  getLicenseInfoQueryOptions,
+} from '../../shared/query';
 import { canUseEnterpriseFeature, licenseActionCheck } from '../../shared/utils/license';
 import { PostureChecksTable } from './PostureChecksTable';
 import {
+  getPostureCheckColumnFilterOptions,
   getPostureCheckTableFilterMessages,
-  isPostureCheckFilterValue,
   mapApiDevicePostureToRow,
   mapPostureCheckFilterValueToRequestValue,
 } from './postureChecks';
-import type { PostureCheckFilterValue } from './types';
+import { getPostureCheckVersionValues } from './types';
 
 const mapColumnFiltersToRequest = (columnFilters: ColumnFiltersState) => {
   const result: Record<string, string[]> = {};
@@ -28,8 +32,8 @@ const mapColumnFiltersToRequest = (columnFilters: ColumnFiltersState) => {
     if (Array.isArray(filter.value) && filter.value.length > 0) {
       result[filter.id] = filter.value
         .filter(
-          (value): value is PostureCheckFilterValue =>
-            typeof value === 'string' && isPostureCheckFilterValue(value),
+          (value): value is string | number =>
+            typeof value === 'string' || typeof value === 'number',
         )
         .map(mapPostureCheckFilterValueToRequestValue);
     }
@@ -39,10 +43,22 @@ const mapColumnFiltersToRequest = (columnFilters: ColumnFiltersState) => {
 };
 
 const PostureChecksContent = () => {
+  const navigate = useNavigate();
   const { data: licenseInfo, isFetching: licenseInfoFetching } = useSuspenseQuery(
     getLicenseInfoQueryOptions,
   );
+  const { data: versionMetadata } = useSuspenseQuery(
+    getDevicePostureVersionMetadataQueryOptions,
+  );
   const [columnFilters, setColumnFilters] = useState<ColumnFiltersState>([]);
+  const versionValues = useMemo(
+    () => getPostureCheckVersionValues(versionMetadata),
+    [versionMetadata],
+  );
+  const columnFilterOptions = useMemo(
+    () => getPostureCheckColumnFilterOptions(versionValues),
+    [versionValues],
+  );
   const requestFilters = useMemo(
     () => mapColumnFiltersToRequest(columnFilters),
     [columnFilters],
@@ -83,11 +99,11 @@ const PostureChecksContent = () => {
       testId: 'add-posture-check',
       onClick: () => {
         licenseActionCheck(canUseEnterpriseFeature(licenseInfo), () => {
-          // TODO: Implement add posture check flow
+          void navigate({ to: '/add-posture-check' });
         });
       },
     }),
-    [licenseInfo, licenseInfoFetching],
+    [licenseInfo, licenseInfoFetching, navigate],
   );
 
   if (isLoading) {
@@ -99,6 +115,7 @@ const PostureChecksContent = () => {
       {postureChecks.length > 0 || columnFilters.length > 0 ? (
         <PostureChecksTable
           addButtonProps={addButtonProps}
+          columnFilterOptions={columnFilterOptions}
           columnFilters={columnFilters}
           filterMessages={filterMessages}
           hasNextPage={pagination?.next_page !== null}
diff --git a/web/src/pages/PostureChecksPage/PostureChecksTable.tsx b/web/src/pages/PostureChecksPage/PostureChecksTable.tsx
index 06ef72d76..99dcb8792 100644
--- a/web/src/pages/PostureChecksPage/PostureChecksTable.tsx
+++ b/web/src/pages/PostureChecksPage/PostureChecksTable.tsx
@@ -21,11 +21,12 @@ import { TableEditCell } from '../../shared/defguard-ui/components/table/TableEd
 import { TableTop } from '../../shared/defguard-ui/components/table/TableTop/TableTop';
 import type { TableFilterMessages } from '../../shared/defguard-ui/components/table/types';
 import { Snackbar } from '../../shared/defguard-ui/providers/snackbar/snackbar';
-import { type PostureCheckRow, postureCheckColumnFilterOptions } from './postureChecks';
+import type { PostureCheckColumnFilterOptions, PostureCheckRow } from './postureChecks';
 import './style.scss';
 
 type Props = {
   addButtonProps: ButtonProps;
+  columnFilterOptions: PostureCheckColumnFilterOptions;
   columnFilters: ColumnFiltersState;
   filterMessages: TableFilterMessages;
   hasNextPage: boolean;
@@ -39,6 +40,7 @@ const columnHelper = createColumnHelper<PostureCheckRow>();
 
 export const PostureChecksTable = ({
   addButtonProps,
+  columnFilterOptions,
   columnFilters,
   filterMessages,
   hasNextPage,
@@ -67,7 +69,7 @@ export const PostureChecksTable = ({
         enableColumnFilter: true,
         filterFn: 'arrIncludesSome',
         meta: {
-          filterOptions: postureCheckColumnFilterOptions.windows,
+          filterOptions: columnFilterOptions.windows,
         },
         cell: (info) => (
           <TableCell>
@@ -82,7 +84,7 @@ export const PostureChecksTable = ({
         enableColumnFilter: true,
         filterFn: 'arrIncludesSome',
         meta: {
-          filterOptions: postureCheckColumnFilterOptions.macos,
+          filterOptions: columnFilterOptions.macos,
         },
         cell: (info) => (
           <TableCell>
@@ -97,7 +99,7 @@ export const PostureChecksTable = ({
         enableColumnFilter: true,
         filterFn: 'arrIncludesSome',
         meta: {
-          filterOptions: postureCheckColumnFilterOptions.linux,
+          filterOptions: columnFilterOptions.linux,
         },
         cell: (info) => (
           <TableCell>
@@ -112,7 +114,7 @@ export const PostureChecksTable = ({
         enableColumnFilter: true,
         filterFn: 'arrIncludesSome',
         meta: {
-          filterOptions: postureCheckColumnFilterOptions.ios,
+          filterOptions: columnFilterOptions.ios,
         },
         cell: (info) => (
           <TableCell>
@@ -127,7 +129,7 @@ export const PostureChecksTable = ({
         enableColumnFilter: true,
         filterFn: 'arrIncludesSome',
         meta: {
-          filterOptions: postureCheckColumnFilterOptions.android,
+          filterOptions: columnFilterOptions.android,
         },
         cell: (info) => (
           <TableCell>
@@ -142,7 +144,7 @@ export const PostureChecksTable = ({
         enableColumnFilter: true,
         filterFn: 'arrIncludesSome',
         meta: {
-          filterOptions: postureCheckColumnFilterOptions.defguard,
+          filterOptions: columnFilterOptions.defguard,
         },
         cell: (info) => (
           <TableCell>
@@ -203,7 +205,7 @@ export const PostureChecksTable = ({
         },
       }),
     ],
-    [],
+    [columnFilterOptions],
   );
 
   const table = useReactTable({
diff --git a/web/src/pages/PostureChecksPage/postureChecks.ts b/web/src/pages/PostureChecksPage/postureChecks.ts
index 4f7a39486..7c8008263 100644
--- a/web/src/pages/PostureChecksPage/postureChecks.ts
+++ b/web/src/pages/PostureChecksPage/postureChecks.ts
@@ -8,7 +8,8 @@ import {
   PostureCheckOs,
   type PostureCheckOsValue,
   PostureCheckRequirement,
-  postureCheckVersionValues,
+  type PostureCheckRequirementValue,
+  type PostureCheckVersionValues,
 } from './types';
 
 export type PostureCheckRow = {
@@ -32,90 +33,37 @@ const emptyRequirement = '-';
 
 type PostureCheckFilterDefinition = {
   label: string;
-  requestValue: string;
 };
 
-const postureCheckFilterDefinitions = {
-  'Windows 10': { label: 'Windows 10', requestValue: 'Windows 10' },
-  'Windows 11': { label: 'Windows 11', requestValue: 'Windows 11' },
-  'macOS 13 Ventura': {
-    label: 'macOS 13 Ventura',
-    requestValue: 'macOS 13 Ventura',
-  },
-  'macOS 14 Sonoma': {
-    label: 'macOS 14 Sonoma',
-    requestValue: 'macOS 14 Sonoma',
-  },
-  'macOS 15 Sequoia': {
-    label: 'macOS 15 Sequoia',
-    requestValue: 'macOS 15 Sequoia',
-  },
-  'macOS 26 Tahoe': {
-    label: 'macOS 26 Tahoe',
-    requestValue: 'macOS 26 Tahoe',
-  },
-  '5.x': { label: 'Kernel 5.x', requestValue: '5.x' },
-  '6.x': { label: 'Kernel 6.x', requestValue: '6.x' },
-  '7.x': { label: 'Kernel 7.x', requestValue: '7.x' },
-  '17': { label: 'iOS 17+', requestValue: '17' },
-  '18': { label: 'iOS 18+', requestValue: '18' },
-  '26': { label: 'iOS 26+', requestValue: '26' },
-  '13': { label: 'Android 13+', requestValue: '13' },
-  '14': { label: 'Android 14+', requestValue: '14' },
-  '15': { label: 'Android 15+', requestValue: '15' },
-  '16': { label: 'Android 16+', requestValue: '16' },
-  '1.6': { label: 'Defguard 1.6+', requestValue: '1.6' },
-  '2.0': { label: 'Defguard 2.0+', requestValue: '2.0' },
+export type PostureCheckColumnFilterOptions = {
+  windows: SelectionOption<PostureCheckFilterValue>[];
+  macos: SelectionOption<PostureCheckFilterValue>[];
+  linux: SelectionOption<PostureCheckFilterValue>[];
+  ios: SelectionOption<PostureCheckFilterValue>[];
+  android: SelectionOption<PostureCheckFilterValue>[];
+  defguard: SelectionOption<PostureCheckFilterValue>[];
+};
+
+const requirementFilterDefinitions = {
   [PostureCheckRequirement.DiskEncryption]: {
     label: PostureCheckRequirement.DiskEncryption,
-    requestValue: PostureCheckRequirement.DiskEncryption,
   },
   [PostureCheckRequirement.Antivirus]: {
     label: PostureCheckRequirement.Antivirus,
-    requestValue: PostureCheckRequirement.Antivirus,
   },
   [PostureCheckRequirement.AdJoined]: {
     label: PostureCheckRequirement.AdJoined,
-    requestValue: PostureCheckRequirement.AdJoined,
   },
   [PostureCheckRequirement.SecurityUpdates]: {
     label: PostureCheckRequirement.SecurityUpdates,
-    requestValue: PostureCheckRequirement.SecurityUpdates,
   },
   [PostureCheckRequirement.DeviceIntegrity]: {
     label: PostureCheckRequirement.DeviceIntegrity,
-    requestValue: PostureCheckRequirement.DeviceIntegrity,
   },
   [PostureCheckRequirement.PrereleaseAllowed]: {
     label: PostureCheckRequirement.PrereleaseAllowed,
-    requestValue: PostureCheckRequirement.PrereleaseAllowed,
   },
-} as const satisfies Record<PostureCheckFilterValue, PostureCheckFilterDefinition>;
-
-export const postureCheckFilterOptions = {
-  windows: [
-    ...postureCheckVersionValues.windows,
-    PostureCheckRequirement.DiskEncryption,
-    PostureCheckRequirement.Antivirus,
-    PostureCheckRequirement.AdJoined,
-    PostureCheckRequirement.SecurityUpdates,
-  ],
-  macos: [
-    ...postureCheckVersionValues.macos,
-    PostureCheckRequirement.DiskEncryption,
-    PostureCheckRequirement.DeviceIntegrity,
-  ],
-  linux: [...postureCheckVersionValues.linux, PostureCheckRequirement.DiskEncryption],
-  ios: postureCheckVersionValues.ios,
-  android: [
-    ...postureCheckVersionValues.android,
-    PostureCheckRequirement.DeviceIntegrity,
-  ],
-  defguard: [
-    ...postureCheckVersionValues.defguard,
-    PostureCheckRequirement.PrereleaseAllowed,
-  ],
-} as const;
+} as const satisfies Record<PostureCheckRequirementValue, PostureCheckFilterDefinition>;
 
 export const getPostureCheckTableFilterMessages = (): TableFilterMessages => ({
   searchPlaceholder: m.controls_search(),
@@ -126,31 +74,65 @@ export const getPostureCheckTableFilterMessages = (): TableFilterMessages => ({
 
 const toSelectionOptions = <T extends PostureCheckFilterValue>(
   values: readonly T[],
-): SelectionOption<T>[] =>
+  getLabel: (value: T) => string,
+): SelectionOption<PostureCheckFilterValue>[] =>
   values.map((value) => ({
     id: value,
-    label: postureCheckFilterDefinitions[value].label,
+    label: getLabel(value),
   }));
 
-export const postureCheckColumnFilterOptions = {
-  windows: toSelectionOptions(postureCheckFilterOptions.windows),
-  macos: toSelectionOptions(postureCheckFilterOptions.macos),
-  linux: toSelectionOptions(postureCheckFilterOptions.linux),
-  ios: toSelectionOptions(postureCheckFilterOptions.ios),
-  android: toSelectionOptions(postureCheckFilterOptions.android),
-  defguard: toSelectionOptions(postureCheckFilterOptions.defguard),
-};
+const toRequirementSelectionOptions = (
+  values: readonly PostureCheckRequirementValue[],
+): SelectionOption<PostureCheckFilterValue>[] =>
+  values.map((value) => ({
+    id: value,
+    label: requirementFilterDefinitions[value].label,
+  }));
+
+export const getPostureCheckColumnFilterOptions = (
+  versionValues: PostureCheckVersionValues,
+): PostureCheckColumnFilterOptions => ({
+  windows: [
+    ...toSelectionOptions(versionValues.windows, (value) => value.toString()),
+    ...toRequirementSelectionOptions([
+      PostureCheckRequirement.DiskEncryption,
+      PostureCheckRequirement.Antivirus,
+      PostureCheckRequirement.AdJoined,
+      PostureCheckRequirement.SecurityUpdates,
+    ]),
+  ],
+  macos: [
+    ...toSelectionOptions(versionValues.macos, (value) => value.toString()),
+    ...toRequirementSelectionOptions([
+      PostureCheckRequirement.DiskEncryption,
+      PostureCheckRequirement.DeviceIntegrity,
+    ]),
+  ],
+  linux: [
+    ...toSelectionOptions(versionValues.linux, (value) => `Kernel ${value}`),
+    ...toRequirementSelectionOptions([PostureCheckRequirement.DiskEncryption]),
+  ],
+  ios: toSelectionOptions(versionValues.ios, (value) => `iOS ${value}+`),
+  android: [
+    ...toSelectionOptions(versionValues.android, (value) => `Android ${value}+`),
+    ...toRequirementSelectionOptions([PostureCheckRequirement.DeviceIntegrity]),
+  ],
+  defguard: [
+    ...toSelectionOptions(versionValues.defguard, (value) => `Defguard ${value}+`),
+    ...toRequirementSelectionOptions([PostureCheckRequirement.PrereleaseAllowed]),
+  ],
+});
 
 export const mapPostureCheckFilterValueToRequestValue = (
   value: PostureCheckFilterValue,
-) => postureCheckFilterDefinitions[value].requestValue;
+) => (typeof value === 'number' ? value.toString() : value);
 
 export const isPostureCheckFilterValue = (
-  value: string,
-): value is PostureCheckFilterValue => value in postureCheckFilterDefinitions;
+  value: string | number,
+): value is PostureCheckFilterValue => typeof value === 'number' || value.length > 0;
 
-const mapVersionFilterValue = (value: string | undefined | null) =>
-  value && isPostureCheckFilterValue(value) ? value : undefined;
+const mapVersionFilterValue = (value: number | string | undefined | null) =>
+  value ?? undefined;
 
 const joinRequirementParts = (parts: Array<string | null | undefined | false>) => {
   const filteredParts = parts.filter((part): part is string => Boolean(part));
@@ -159,7 +141,9 @@ const joinRequirementParts = (parts: Array<string | null | undefined | false>) =
 };
 
 const joinFilters = (parts: Array<PostureCheckFilterValue | null | undefined | false>) =>
-  parts.filter((part): part is PostureCheckFilterValue => Boolean(part));
+  parts.filter(
+    (part): part is PostureCheckFilterValue => part !== false && isPresent(part),
+  );
 
 type PostureCheckRuleParts = {
   summaryParts: Array<string | null | undefined | false>;
@@ -182,7 +166,7 @@ const getOsRuleParts = (
     case PostureCheckOs.Windows:
       return {
         summaryParts: [
-          rule.min_os_version,
+          rule.min_os_version?.toString(),
           rule.disk_encryption_required && PostureCheckRequirement.DiskEncryption,
           rule.antivirus_required && PostureCheckRequirement.Antivirus,
           rule.ad_domain_joined_required && PostureCheckRequirement.AdJoined,
@@ -199,7 +183,7 @@ const getOsRuleParts = (
     case PostureCheckOs.Macos:
       return {
         summaryParts: [
-          rule.min_os_version,
+          rule.min_os_version?.toString(),
           rule.disk_encryption_required && PostureCheckRequirement.DiskEncryption,
           rule.device_integrity_required && PostureCheckRequirement.DeviceIntegrity,
         ],
diff --git a/web/src/pages/PostureChecksPage/types.ts b/web/src/pages/PostureChecksPage/types.ts
index f44f42998..cf952e686 100644
--- a/web/src/pages/PostureChecksPage/types.ts
+++ b/web/src/pages/PostureChecksPage/types.ts
@@ -1,3 +1,5 @@
+import type { DevicePostureVersionMetadata } from '../../shared/api/types';
+
 export const PostureCheckOs = {
   Windows: 'windows',
   Macos: 'macos',
@@ -8,14 +10,26 @@ export const PostureCheckOs = {
 
 export type PostureCheckOsValue = (typeof PostureCheckOs)[keyof typeof PostureCheckOs];
 
-export const postureCheckVersionValues = {
-  windows: ['Windows 10', 'Windows 11'],
-  macos: ['macOS 13 Ventura', 'macOS 14 Sonoma', 'macOS 15 Sequoia', 'macOS 26 Tahoe'],
-  linux: ['5.x', '6.x', '7.x'],
-  ios: ['17', '18', '26'],
-  android: ['13', '14', '15', '16'],
-  defguard: ['1.6', '2.0'],
-} as const;
+export type PostureCheckOsVersionValue = number;
+export type PostureCheckDefguardVersionValue = string;
+
+export type PostureCheckVersionValues = Record<
+  PostureCheckOsValue,
+  readonly PostureCheckOsVersionValue[]
+> & {
+  defguard: readonly PostureCheckDefguardVersionValue[];
+};
+
+export const getPostureCheckVersionValues = (
+  metadata: DevicePostureVersionMetadata,
+): PostureCheckVersionValues => ({
+  windows: metadata.os_versions.windows,
+  macos: metadata.os_versions.macos,
+  linux: metadata.linux_kernel_versions,
+  ios: metadata.os_versions.ios,
+  android: metadata.os_versions.android,
+  defguard: metadata.client_versions,
+});
 
 export const PostureCheckRequirement = {
   DiskEncryption: 'Disk encryption',
@@ -26,19 +40,9 @@ export const PostureCheckRequirement = {
   PrereleaseAllowed: 'Pre-release allowed',
 } as const;
 
-type ArrayValues<T extends readonly string[]> = T[number];
-
 export type PostureCheckRequirementValue =
   (typeof PostureCheckRequirement)[keyof typeof PostureCheckRequirement];
 
-export type PostureCheckVersionValue =
-  | ArrayValues<(typeof postureCheckVersionValues)['windows']>
-  | ArrayValues<(typeof postureCheckVersionValues)['macos']>
-  | ArrayValues<(typeof postureCheckVersionValues)['linux']>
-  | ArrayValues<(typeof postureCheckVersionValues)['ios']>
-  | ArrayValues<(typeof postureCheckVersionValues)['android']>
-  | ArrayValues<(typeof postureCheckVersionValues)['defguard']>;
-
-export type PostureCheckFilterValue =
-  | PostureCheckVersionValue
-  | PostureCheckRequirementValue;
+export type PostureCheckVersionValue = PostureCheckOsVersionValue;
+
+export type PostureCheckFilterValue = string | number;
diff --git a/web/src/routeTree.gen.ts b/web/src/routeTree.gen.ts
index f36847bcb..5fe8d5403 100644
--- a/web/src/routeTree.gen.ts
+++ b/web/src/routeTree.gen.ts
@@ -35,6 +35,7 @@ import { Route as WizardMigrationLocationsRouteImport } from './routes/_wizard/m
 import { Route as AuthorizedWizardSetupEdgeRouteImport } from './routes/_authorized/_wizard/setup-edge'
 import { Route as AuthorizedWizardSettingsEdgeCertificateRouteImport } from './routes/_authorized/_wizard/settings-edge-certificate'
 import { Route as AuthorizedWizardSettingsCoreCertificateRouteImport } from './routes/_authorized/_wizard/settings-core-certificate'
+import { Route as AuthorizedWizardAddPostureCheckRouteImport } from './routes/_authorized/_wizard/add-posture-check'
 import { Route as AuthorizedWizardAddLocationRouteImport } from './routes/_authorized/_wizard/add-location'
 import { Route as AuthorizedWizardAddExternalOpenidRouteImport } from './routes/_authorized/_wizard/add-external-openid'
 import { Route as AuthorizedDefaultWebhooksRouteImport } from './routes/_authorized/_default/webhooks'
@@ -206,6 +207,12 @@ const AuthorizedWizardSettingsCoreCertificateRoute =
     path: '/settings-core-certificate',
     getParentRoute: () => AuthorizedRoute,
   } as any)
+const AuthorizedWizardAddPostureCheckRoute =
+  AuthorizedWizardAddPostureCheckRouteImport.update({
+    id: '/_wizard/add-posture-check',
+    path: '/add-posture-check',
+    getParentRoute: () => AuthorizedRoute,
+  } as any)
 const AuthorizedWizardAddLocationRoute =
   AuthorizedWizardAddLocationRouteImport.update({
     id: '/_wizard/add-location',
@@ -458,6 +465,7 @@ export interface FileRoutesByFullPath {
   '/webhooks': typeof AuthorizedDefaultWebhooksRoute
   '/add-external-openid': typeof AuthorizedWizardAddExternalOpenidRoute
   '/add-location': typeof AuthorizedWizardAddLocationRoute
+  '/add-posture-check': typeof AuthorizedWizardAddPostureCheckRoute
   '/settings-core-certificate': typeof AuthorizedWizardSettingsCoreCertificateRoute
   '/settings-edge-certificate': typeof AuthorizedWizardSettingsEdgeCertificateRoute
   '/setup-edge': typeof AuthorizedWizardSetupEdgeRoute
@@ -521,6 +529,7 @@ export interface FileRoutesByTo {
   '/webhooks': typeof AuthorizedDefaultWebhooksRoute
   '/add-external-openid': typeof AuthorizedWizardAddExternalOpenidRoute
   '/add-location': typeof AuthorizedWizardAddLocationRoute
+  '/add-posture-check': typeof AuthorizedWizardAddPostureCheckRoute
   '/settings-core-certificate': typeof AuthorizedWizardSettingsCoreCertificateRoute
   '/settings-edge-certificate': typeof AuthorizedWizardSettingsEdgeCertificateRoute
   '/setup-edge': typeof AuthorizedWizardSetupEdgeRoute
@@ -588,6 +597,7 @@ export interface FileRoutesById {
   '/_authorized/_default/webhooks': typeof AuthorizedDefaultWebhooksRoute
   '/_authorized/_wizard/add-external-openid': typeof AuthorizedWizardAddExternalOpenidRoute
   '/_authorized/_wizard/add-location': typeof AuthorizedWizardAddLocationRoute
+  '/_authorized/_wizard/add-posture-check': typeof AuthorizedWizardAddPostureCheckRoute
   '/_authorized/_wizard/settings-core-certificate': typeof AuthorizedWizardSettingsCoreCertificateRoute
   '/_authorized/_wizard/settings-edge-certificate': typeof AuthorizedWizardSettingsEdgeCertificateRoute
   '/_authorized/_wizard/setup-edge': typeof AuthorizedWizardSetupEdgeRoute
@@ -654,6 +664,7 @@ export interface FileRouteTypes {
     | '/webhooks'
     | '/add-external-openid'
     | '/add-location'
+    | '/add-posture-check'
     | '/settings-core-certificate'
     | '/settings-edge-certificate'
     | '/setup-edge'
@@ -717,6 +728,7 @@ export interface FileRouteTypes {
     | '/webhooks'
     | '/add-external-openid'
     | '/add-location'
+    | '/add-posture-check'
     | '/settings-core-certificate'
     | '/settings-edge-certificate'
     | '/setup-edge'
@@ -783,6 +795,7 @@ export interface FileRouteTypes {
     | '/_authorized/_default/webhooks'
     | '/_authorized/_wizard/add-external-openid'
     | '/_authorized/_wizard/add-location'
+    | '/_authorized/_wizard/add-posture-check'
     | '/_authorized/_wizard/settings-core-certificate'
     | '/_authorized/_wizard/settings-edge-certificate'
     | '/_authorized/_wizard/setup-edge'
@@ -1020,6 +1033,13 @@ declare module '@tanstack/react-router' {
       preLoaderRoute: typeof AuthorizedWizardSettingsCoreCertificateRouteImport
       parentRoute: typeof AuthorizedRoute
     }
+    '/_authorized/_wizard/add-posture-check': {
+      id: '/_authorized/_wizard/add-posture-check'
+      path: '/add-posture-check'
+      fullPath: '/add-posture-check'
+      preLoaderRoute: typeof AuthorizedWizardAddPostureCheckRouteImport
+      parentRoute: typeof AuthorizedRoute
+    }
     '/_authorized/_wizard/add-location': {
       id: '/_authorized/_wizard/add-location'
       path: '/add-location'
@@ -1385,6 +1405,7 @@ interface AuthorizedRouteChildren {
   AuthorizedPlaygroundRoute: typeof AuthorizedPlaygroundRoute
   AuthorizedWizardAddExternalOpenidRoute: typeof AuthorizedWizardAddExternalOpenidRoute
   AuthorizedWizardAddLocationRoute: typeof AuthorizedWizardAddLocationRoute
+  AuthorizedWizardAddPostureCheckRoute: typeof AuthorizedWizardAddPostureCheckRoute
   AuthorizedWizardSettingsCoreCertificateRoute: typeof AuthorizedWizardSettingsCoreCertificateRoute
   AuthorizedWizardSettingsEdgeCertificateRoute: typeof AuthorizedWizardSettingsEdgeCertificateRoute
   AuthorizedWizardSetupEdgeRoute: typeof AuthorizedWizardSetupEdgeRoute
@@ -1396,6 +1417,7 @@ const AuthorizedRouteChildren: AuthorizedRouteChildren = {
   AuthorizedWizardAddExternalOpenidRoute:
     AuthorizedWizardAddExternalOpenidRoute,
   AuthorizedWizardAddLocationRoute: AuthorizedWizardAddLocationRoute,
+  AuthorizedWizardAddPostureCheckRoute: AuthorizedWizardAddPostureCheckRoute,
   AuthorizedWizardSettingsCoreCertificateRoute:
     AuthorizedWizardSettingsCoreCertificateRoute,
   AuthorizedWizardSettingsEdgeCertificateRoute:
diff --git a/web/src/routes/_authorized/_default/acl/posture-checks.tsx b/web/src/routes/_authorized/_default/acl/posture-checks.tsx
index 872806656..6c6631fbf 100644
--- a/web/src/routes/_authorized/_default/acl/posture-checks.tsx
+++ b/web/src/routes/_authorized/_default/acl/posture-checks.tsx
@@ -1,6 +1,9 @@
 import { createFileRoute } from '@tanstack/react-router';
 import { PostureChecksPage } from '../../../../pages/PostureChecksPage/PostureChecksPage';
+import { getDevicePostureVersionMetadataQueryOptions } from '../../../../shared/query';
 
 export const Route = createFileRoute('/_authorized/_default/acl/posture-checks')({
+  loader: ({ context }) =>
+    context.queryClient.fetchQuery(getDevicePostureVersionMetadataQueryOptions),
   component: PostureChecksPage,
 });
diff --git a/web/src/routes/_authorized/_wizard/add-posture-check.tsx b/web/src/routes/_authorized/_wizard/add-posture-check.tsx
new file mode 100644
index 000000000..c03963825
--- /dev/null
+++ b/web/src/routes/_authorized/_wizard/add-posture-check.tsx
@@ -0,0 +1,9 @@
+import { createFileRoute } from '@tanstack/react-router';
+import { AddPostureCheckWizardPage } from '../../../pages/AddPostureCheckWizardPage/AddPostureCheckWizardPage';
+import { getDevicePostureVersionMetadataQueryOptions } from '../../../shared/query';
+
+export const Route = createFileRoute('/_authorized/_wizard/add-posture-check')({
+  loader: ({ context }) =>
+    context.queryClient.fetchQuery(getDevicePostureVersionMetadataQueryOptions),
+  component: AddPostureCheckWizardPage,
+});
diff --git a/web/src/shared/api/api.ts b/web/src/shared/api/api.ts
index b7be2fa0e..376059066 100644
--- a/web/src/shared/api/api.ts
+++ b/web/src/shared/api/api.ts
@@ -47,11 +47,13 @@ import type {
   Device,
   DeviceLocationIpsResponse,
   DevicePostureListFilters,
+  DevicePostureVersionMetadata,
   Edge,
   EdgeInfo,
   EditAclAliasRequest,
   EditAclDestination,
   EditAclRuleRequest,
+  EditDevicePostureRequest,
   EditGroupRequest,
   EditNetworkDeviceRequest,
   EditNetworkLocation,
@@ -436,6 +438,12 @@ const api = {
       client.post(`/device/user/${username}/ip/validate`, data),
   },
   devicePosture: {
+    addDevicePosture: (data: EditDevicePostureRequest) =>
+      client.post<ApiDevicePosture>('/device-posture', removeEmptyStrings(data)),
+    editDevicePosture: (id: number, data: EditDevicePostureRequest) =>
+      client.put<ApiDevicePosture>(`/device-posture/${id}`, removeEmptyStrings(data)),
+    getDevicePostureVersionMetadata: () =>
+      client.get<DevicePostureVersionMetadata>('/device-posture/versions'),
     getDevicePosturesPage: (params?: DevicePostureListFilters) =>
       fetchPage<ApiDevicePosture>('/device-posture', params),
   },
diff --git a/web/src/shared/api/types.ts b/web/src/shared/api/types.ts
index aa9f1b4e7..b3a4a1554 100644
--- a/web/src/shared/api/types.ts
+++ b/web/src/shared/api/types.ts
@@ -900,7 +900,7 @@ export interface SettingsEnterprise {
 export type ApiDevicePostureOsRule =
   | {
       os_type: 'windows';
-      min_os_version: string | null;
+      min_os_version: number | null;
       disk_encryption_required: boolean | null;
       antivirus_required: boolean | null;
       ad_domain_joined_required: boolean | null;
@@ -908,25 +908,27 @@ export type ApiDevicePostureOsRule =
     }
   | {
       os_type: 'macos';
-      min_os_version: string | null;
+      min_os_version: number | null;
       disk_encryption_required: boolean | null;
       device_integrity_required: boolean | null;
     }
   | {
       os_type: 'linux';
-      min_kernel_version: string | null;
+      min_kernel_version: number | null;
       disk_encryption_required: boolean | null;
     }
   | {
       os_type: 'ios';
-      min_os_version: string | null;
+      min_os_version: number | null;
     }
   | {
       os_type: 'android';
-      min_os_version: string | null;
+      min_os_version: number | null;
       device_integrity_required: boolean | null;
     };
 
+export type EditDevicePostureOsRule = ApiDevicePostureOsRule;
+
 export interface ApiDevicePosture {
   id: number;
   name: string;
@@ -937,6 +939,27 @@ export interface ApiDevicePosture {
   locations: number[];
 }
 
+export interface EditDevicePostureRequest {
+  name: string;
+  description: string | null;
+  min_client_version: string | null;
+  allow_prerelease_client: boolean;
+  os_rules: EditDevicePostureOsRule[];
+}
+
+export interface DevicePostureOsVersionCatalog {
+  windows: number[];
+  macos: number[];
+  ios: number[];
+  android: number[];
+}
+
+export interface DevicePostureVersionMetadata {
+  os_versions: DevicePostureOsVersionCatalog;
+  linux_kernel_versions: number[];
+  client_versions: string[];
+}
+
 export type InitialSetupStepValue =
   | 'welcome'
   | 'admin_user'
diff --git a/web/src/shared/components/Navigation/Navigation.tsx b/web/src/shared/components/Navigation/Navigation.tsx
index 17eec2b62..54b90b983 100644
--- a/web/src/shared/components/Navigation/Navigation.tsx
+++ b/web/src/shared/components/Navigation/Navigation.tsx
@@ -115,7 +115,7 @@ const navigationConfig: NavGroupProps[] = [
       },
       {
         id: 'posture_checks',
-        icon: 'protection',
+        icon: 'connected-devices',
         label: m.cmp_nav_item_posture_checks(),
         link: '/acl/posture-checks',
         licenseTier: LicenseTier.Enterprise,
diff --git a/web/src/shared/components/policyPostures/PolicyOsCard/style.scss b/web/src/shared/components/policyPostures/PolicyOsCard/style.scss
index 40200e493..7429d0243 100644
--- a/web/src/shared/components/policyPostures/PolicyOsCard/style.scss
+++ b/web/src/shared/components/policyPostures/PolicyOsCard/style.scss
@@ -5,6 +5,9 @@
   }
 
   &.card {
+    background-color: var(--bg-default);
+    border: var(--border-1) solid var(--border-default);
+    border-radius: var(--radius-lg);
     padding: var(--spacing-sm) var(--spacing-xs) var(--spacing-xl) var(--spacing-lg);
 
     > .content {
diff --git a/web/src/shared/defguard-ui b/web/src/shared/defguard-ui
index dfe59924a..034614b3d 160000
--- a/web/src/shared/defguard-ui
+++ b/web/src/shared/defguard-ui
@@ -1 +1 @@
-Subproject commit dfe59924af8ae3c8d008d572d24d26dd8f07537c
+Subproject commit 034614b3dc8c43fae41c2c79e9c3993d2f732eb8
diff --git a/web/src/shared/query.ts b/web/src/shared/query.ts
index 8d59e713a..250a9d491 100644
--- a/web/src/shared/query.ts
+++ b/web/src/shared/query.ts
@@ -208,6 +208,15 @@ export const getSettingsQueryOptions = queryOptions({
   select: (resp) => resp.data,
 });
 
+export const getDevicePostureVersionMetadataQueryOptions = queryOptions({
+  queryFn: api.devicePosture.getDevicePostureVersionMetadata,
+  queryKey: ['device-posture', 'versions'],
+  select: (resp) => resp.data,
+  staleTime: Infinity,
+  refetchOnWindowFocus: false,
+  refetchOnReconnect: true,
+});
+
 export const getOpenIdProvidersQueryOptions = queryOptions({
   queryFn: api.openIdProvider.getOpenIdProvider,
   queryKey: ['openid', 'provider'],
diff --git a/web/src/shared/utils/userOnlineStatus.ts b/web/src/shared/utils/userOnlineStatus.ts
index 7c41cbf85..5f7363bb3 100644
--- a/web/src/shared/utils/userOnlineStatus.ts
+++ b/web/src/shared/utils/userOnlineStatus.ts
@@ -1,6 +1,10 @@
 import type { Device, User } from '../api/types';
 
-export const isDeviceOnline = (device: Device): boolean =>
+type OnlineDevice = Pick<Device, 'networks'>;
+type OnlineUser = Pick<User, 'devices'>;
+
+export const isDeviceOnline = (device: OnlineDevice): boolean =>
   device.networks.some((network) => network.is_active);
 
-export const isUserOnline = (user: User): boolean => user.devices.some(isDeviceOnline);
+export const isUserOnline = (user: OnlineUser): boolean =>
+  user.devices.some(isDeviceOnline);
diff --git a/web/tests/add-posture-check-operating-system-version-labels.test.ts b/web/tests/add-posture-check-operating-system-version-labels.test.ts
new file mode 100644
index 000000000..35bac2849
--- /dev/null
+++ b/web/tests/add-posture-check-operating-system-version-labels.test.ts
@@ -0,0 +1,23 @@
+import { describe, expect, it } from 'vitest';
+import { getOperatingSystemVersionOptionLabel } from '../src/pages/AddPostureCheckWizardPage/operatingSystemVersionLabels';
+import { PostureCheckOs } from '../src/pages/PostureChecksPage/types';
+
+describe('add posture check operating-system version labels', () => {
+  it('includes explicit platform names for operating-system version thresholds', () => {
+    expect(getOperatingSystemVersionOptionLabel(PostureCheckOs.Windows, 11)).toBe(
+      'Windows 11 or higher',
+    );
+    expect(getOperatingSystemVersionOptionLabel(PostureCheckOs.Macos, 26)).toBe(
+      'macOS 26 or higher',
+    );
+    expect(getOperatingSystemVersionOptionLabel(PostureCheckOs.Linux, 6)).toBe(
+      'Kernel 6 or higher',
+    );
+    expect(getOperatingSystemVersionOptionLabel(PostureCheckOs.Ios, 18)).toBe(
+      'iOS 18 or higher',
+    );
+    expect(getOperatingSystemVersionOptionLabel(PostureCheckOs.Android, 16)).toBe(
+      'Android 16 or higher',
+    );
+  });
+});
diff --git a/web/tests/add-posture-check-summary.test.ts b/web/tests/add-posture-check-summary.test.ts
new file mode 100644
index 000000000..2dbd45ba3
--- /dev/null
+++ b/web/tests/add-posture-check-summary.test.ts
@@ -0,0 +1,37 @@
+import { describe, expect, it } from 'vitest';
+import {
+  buildClientSummarySection,
+  buildOperatingSystemSummarySection,
+} from '../src/pages/AddPostureCheckWizardPage/summary';
+import { PostureCheckOs } from '../src/pages/PostureChecksPage/types';
+
+describe('add posture check summary helpers', () => {
+  it('builds a windows summary section from the selected operating-system requirements', () => {
+    expect(
+      buildOperatingSystemSummarySection(PostureCheckOs.Windows, {
+        conditions: ['active-directory', 'antivirus'],
+        securityUpdates: true,
+        version: 10,
+      }),
+    ).toEqual({
+      icon: 'windows',
+      label: 'Windows',
+      lines: [
+        { emphasized: true, text: '10 and higher' },
+        { text: 'Connected to Active Directory' },
+        { text: 'Antivirus installed' },
+      ],
+    });
+  });
+
+  it('builds the defguard summary section from the client-version settings', () => {
+    expect(buildClientSummarySection('2.0', true)).toEqual({
+      icon: 'defguard',
+      label: 'Defguard',
+      lines: [
+        { emphasized: true, text: 'Defguard 2.0 and higher' },
+        { text: 'Allow pre-release versions of the Defguard client.' },
+      ],
+    });
+  });
+});
diff --git a/web/tests/add-posture-check-wizard-store.test.ts b/web/tests/add-posture-check-wizard-store.test.ts
new file mode 100644
index 000000000..dc9fe7d47
--- /dev/null
+++ b/web/tests/add-posture-check-wizard-store.test.ts
@@ -0,0 +1,106 @@
+import { beforeEach, describe, expect, it } from 'vitest';
+import { useAddPostureCheckWizardStore } from '../src/pages/AddPostureCheckWizardPage/useAddPostureCheckWizardStore';
+import {
+  getPostureCheckVersionValues,
+  PostureCheckOs,
+} from '../src/pages/PostureChecksPage/types';
+import type { DevicePostureVersionMetadata } from '../src/shared/api/types';
+
+const versionValues = getPostureCheckVersionValues({
+  os_versions: {
+    windows: [10, 11],
+    macos: [13, 14, 15, 26],
+    ios: [17, 18, 26],
+    android: [13, 14, 15, 16],
+  },
+  linux_kernel_versions: [5, 6, 7],
+  client_versions: ['1.6', '2.0'],
+} satisfies DevicePostureVersionMetadata);
+
+describe('add posture check wizard store', () => {
+  beforeEach(() => {
+    useAddPostureCheckWizardStore.getState().reset();
+    useAddPostureCheckWizardStore.getState().syncVersionValues(versionValues);
+  });
+
+  it('stores defguard client-version settings and restores their defaults on reset', () => {
+    expect(useAddPostureCheckWizardStore.getState().minimumClientVersion).toBe(
+      versionValues.defguard[versionValues.defguard.length - 1],
+    );
+    expect(useAddPostureCheckWizardStore.getState().allowPrereleaseClient).toBe(false);
+
+    useAddPostureCheckWizardStore.getState().setMinimumClientVersion('1.6');
+    useAddPostureCheckWizardStore.getState().setAllowPrereleaseClient(true);
+
+    expect(useAddPostureCheckWizardStore.getState().minimumClientVersion).toBe('1.6');
+    expect(useAddPostureCheckWizardStore.getState().allowPrereleaseClient).toBe(true);
+
+    useAddPostureCheckWizardStore.getState().reset();
+
+    expect(useAddPostureCheckWizardStore.getState().minimumClientVersion).toBe(
+      versionValues.defguard[versionValues.defguard.length - 1],
+    );
+    expect(useAddPostureCheckWizardStore.getState().allowPrereleaseClient).toBe(false);
+  });
+
+  it('keeps selected operating systems unique while preserving append order', () => {
+    useAddPostureCheckWizardStore
+      .getState()
+      .addConfiguredOperatingSystem(PostureCheckOs.Windows);
+    useAddPostureCheckWizardStore
+      .getState()
+      .addConfiguredOperatingSystem(PostureCheckOs.Macos);
+    useAddPostureCheckWizardStore
+      .getState()
+      .addConfiguredOperatingSystem(PostureCheckOs.Windows);
+
+    expect(useAddPostureCheckWizardStore.getState().configuredOperatingSystems).toEqual([
+      PostureCheckOs.Windows,
+      PostureCheckOs.Macos,
+    ]);
+  });
+
+  it('persists operating-system details when navigating away from and back to step 1', () => {
+    const store = useAddPostureCheckWizardStore.getState();
+
+    store.addConfiguredOperatingSystem(PostureCheckOs.Windows);
+    store.updateOperatingSystemDetails(PostureCheckOs.Windows, {
+      conditions: ['disk-encryption', 'antivirus'],
+      securityUpdates: true,
+      version: 10,
+    });
+
+    store.next();
+    store.back();
+
+    expect(useAddPostureCheckWizardStore.getState().operatingSystemState.windows).toEqual(
+      {
+        conditions: ['disk-encryption', 'antivirus'],
+        securityUpdates: true,
+        version: 10,
+      },
+    );
+  });
+
+  it('stores posture-check details and restores their defaults on reset', () => {
+    const store = useAddPostureCheckWizardStore.getState();
+
+    expect(store.name).toBe('');
+    expect(store.description).toBeNull();
+
+    store.setName('Windows production policy');
+    store.setDescription('Restricts unmanaged Windows devices to client version 2.0+.');
+
+    expect(useAddPostureCheckWizardStore.getState().name).toBe(
+      'Windows production policy',
+    );
+    expect(useAddPostureCheckWizardStore.getState().description).toBe(
+      'Restricts unmanaged Windows devices to client version 2.0+.',
+    );
+
+    store.reset();
+
+    expect(useAddPostureCheckWizardStore.getState().name).toBe('');
+    expect(useAddPostureCheckWizardStore.getState().description).toBeNull();
+  });
+});
diff --git a/web/tests/license.test.ts b/web/tests/license.test.ts
index a7ad596f3..08f479f78 100644
--- a/web/tests/license.test.ts
+++ b/web/tests/license.test.ts
@@ -20,7 +20,6 @@ const makeLicense = (overrides: Partial<LicenseInfo> = {}): LicenseInfo => ({
   ...overrides,
 });
 
-
 describe('getLicenseState', () => {
   it('should return null for undefined (not yet loaded)', () => {
     expect(getLicenseState(undefined)).toBeNull();
@@ -74,7 +73,6 @@ describe('getLicenseState', () => {
   });
 });
 
-
 describe('canUseBusinessFeature', () => {
   it('should allow access with valid Business license', () => {
     const result = canUseBusinessFeature(makeLicense({ tier: 'Business' }));
@@ -102,7 +100,6 @@ describe('canUseBusinessFeature', () => {
   });
 });
 
-
 describe('canUseEnterpriseFeature', () => {
   it('should allow access with valid Enterprise license', () => {
     const result = canUseEnterpriseFeature(makeLicense({ tier: 'Enterprise' }));
@@ -124,7 +121,9 @@ describe('canUseEnterpriseFeature', () => {
   });
 
   it('should deny access when Enterprise license is expired', () => {
-    const result = canUseEnterpriseFeature(makeLicense({ tier: 'Enterprise', expired: true }));
+    const result = canUseEnterpriseFeature(
+      makeLicense({ tier: 'Enterprise', expired: true }),
+    );
     expect(result.result).toBe(false);
     expect(result.error).toBe('expired');
   });
diff --git a/web/tests/posture-checks-page.test.ts b/web/tests/posture-checks-page.test.ts
index e5e733358..e5ae3719d 100644
--- a/web/tests/posture-checks-page.test.ts
+++ b/web/tests/posture-checks-page.test.ts
@@ -1,14 +1,32 @@
 import { describe, expect, it } from 'vitest';
 import {
   filterPostureChecks,
+  getPostureCheckColumnFilterOptions,
   getPostureCheckOsLabel,
   mapApiDevicePostureToRow,
   mapPostureCheckFilterValueToRequestValue,
-  postureCheckColumnFilterOptions,
   type PostureCheckRow,
 } from '../src/pages/PostureChecksPage/postureChecks';
-import { PostureCheckOs, PostureCheckRequirement } from '../src/pages/PostureChecksPage/types';
-import type { ApiDevicePosture } from '../src/shared/api/types';
+import {
+  getPostureCheckVersionValues,
+  PostureCheckOs,
+  PostureCheckRequirement,
+} from '../src/pages/PostureChecksPage/types';
+import type {
+  ApiDevicePosture,
+  DevicePostureVersionMetadata,
+} from '../src/shared/api/types';
+
+const makeVersionMetadata = (): DevicePostureVersionMetadata => ({
+  os_versions: {
+    windows: [10, 11],
+    macos: [13, 14, 15, 26],
+    ios: [17, 18, 26],
+    android: [13, 14, 15, 16],
+  },
+  linux_kernel_versions: [5, 6, 7],
+  client_versions: ['1.6', '2.0'],
+});
 
 describe('posture checks page helpers', () => {
   it('maps fetched posture-check policies into compact table rows', () => {
@@ -22,7 +40,7 @@ describe('posture checks page helpers', () => {
       os_rules: [
         {
           os_type: 'windows',
-          min_os_version: 'Windows 11',
+          min_os_version: 11,
           disk_encryption_required: true,
           antivirus_required: true,
           ad_domain_joined_required: false,
@@ -30,16 +48,16 @@ describe('posture checks page helpers', () => {
         },
         {
           os_type: 'linux',
-          min_kernel_version: '6.x',
+          min_kernel_version: 6,
           disk_encryption_required: true,
         },
         {
           os_type: 'ios',
-          min_os_version: '17',
+          min_os_version: 17,
         },
         {
           os_type: 'android',
-          min_os_version: '15',
+          min_os_version: 15,
           device_integrity_required: true,
         },
       ],
@@ -48,17 +66,17 @@ describe('posture checks page helpers', () => {
     expect(mapApiDevicePostureToRow(postureCheck)).toEqual({
       id: 1,
       name: 'First posture check',
-      windows: 'Windows 11, Disk encryption, Antivirus',
-      windowsFilters: ['Windows 11', PostureCheckRequirement.DiskEncryption, 'Antivirus'],
+      windows: '11, Disk encryption, Antivirus',
+      windowsFilters: [11, PostureCheckRequirement.DiskEncryption, 'Antivirus'],
       macos: '-',
       macosFilters: [],
-      linux: 'Kernel 6.x, Disk encryption',
-      linuxFilters: ['6.x', PostureCheckRequirement.DiskEncryption],
+      linux: 'Kernel 6, Disk encryption',
+      linuxFilters: [6, PostureCheckRequirement.DiskEncryption],
       ios: 'iOS 17+',
-      iosFilters: ['17'],
+      iosFilters: [17],
       android: 'Android 15+, Device integrity',
-      androidFilters: ['15', PostureCheckRequirement.DeviceIntegrity],
-      defguard: 'Defguard 1.6+, Prerelease allowed',
+      androidFilters: [15, PostureCheckRequirement.DeviceIntegrity],
+      defguard: 'Defguard 1.6+, Pre-release allowed',
       defguardFilters: ['1.6', PostureCheckRequirement.PrereleaseAllowed],
     });
   });
@@ -112,16 +130,16 @@ describe('posture checks page helpers', () => {
       {
         id: 99,
         name: 'First posture check',
-        windows: 'Windows 11, Disk encryption, Antivirus',
-        windowsFilters: ['Windows 11', PostureCheckRequirement.DiskEncryption, 'Antivirus'],
+        windows: '11, Disk encryption, Antivirus',
+        windowsFilters: [11, PostureCheckRequirement.DiskEncryption, 'Antivirus'],
         macos: '-',
         macosFilters: [],
-        linux: 'Kernel 6.x, Disk encryption',
-        linuxFilters: ['6.x', PostureCheckRequirement.DiskEncryption],
+        linux: 'Kernel 6, Disk encryption',
+        linuxFilters: [6, PostureCheckRequirement.DiskEncryption],
         ios: 'iOS 17+',
-        iosFilters: ['17'],
+        iosFilters: [17],
         android: 'Android 15+, Device integrity',
-        androidFilters: ['15', PostureCheckRequirement.DeviceIntegrity],
+        androidFilters: [15, PostureCheckRequirement.DeviceIntegrity],
         defguard: 'Defguard 1.6+, Prerelease allowed',
         defguardFilters: ['1.6', PostureCheckRequirement.PrereleaseAllowed],
       },
@@ -150,10 +168,36 @@ describe('posture checks page helpers', () => {
     expect(filterPostureChecks(rows, 'not-present')).toEqual([]);
   });
 
+  it('maps posture version metadata into UI version values, including Linux kernel versions', () => {
+    const metadata: DevicePostureVersionMetadata = {
+      os_versions: {
+        windows: [11],
+        macos: [15],
+        ios: [18],
+        android: [15],
+      },
+      linux_kernel_versions: [6, 7],
+      client_versions: ['1.6'],
+    };
+
+    expect(getPostureCheckVersionValues(metadata)).toEqual({
+      windows: [11],
+      macos: [15],
+      linux: [6, 7],
+      ios: [18],
+      android: [15],
+      defguard: ['1.6'],
+    });
+  });
+
   it('exposes predefined filter buckets for posture requirement columns', () => {
+    const postureCheckColumnFilterOptions = getPostureCheckColumnFilterOptions(
+      getPostureCheckVersionValues(makeVersionMetadata()),
+    );
+
     expect(postureCheckColumnFilterOptions.windows.map((option) => option.id)).toEqual([
-      'Windows 10',
-      'Windows 11',
+      10,
+      11,
       PostureCheckRequirement.DiskEncryption,
       PostureCheckRequirement.Antivirus,
       PostureCheckRequirement.AdJoined,
@@ -167,11 +211,11 @@ describe('posture checks page helpers', () => {
   });
 
   it('maps typed filter values to backend request values', () => {
-    expect(mapPostureCheckFilterValueToRequestValue('Windows 11')).toBe('Windows 11');
-    expect(mapPostureCheckFilterValueToRequestValue('6.x')).toBe('6.x');
+    expect(mapPostureCheckFilterValueToRequestValue(11)).toBe('11');
+    expect(mapPostureCheckFilterValueToRequestValue(6)).toBe('6');
     expect(mapPostureCheckFilterValueToRequestValue('1.6')).toBe('1.6');
-    expect(mapPostureCheckFilterValueToRequestValue(PostureCheckRequirement.PrereleaseAllowed)).toBe(
-      'Prerelease allowed',
-    );
+    expect(
+      mapPostureCheckFilterValueToRequestValue(PostureCheckRequirement.PrereleaseAllowed),
+    ).toBe('Pre-release allowed');
   });
 });
diff --git a/web/tests/utils.test.ts b/web/tests/utils.test.ts
index 434c998dd..084bd6d17 100644
--- a/web/tests/utils.test.ts
+++ b/web/tests/utils.test.ts
@@ -1,15 +1,14 @@
 import { describe, expect, it } from 'vitest';
+import type { Device, DeviceNetworkInfo } from '../src/shared/api/types';
 import { joinCsv, splitCsv } from '../src/shared/utils/csv';
-import { smallestNetworkCapacity } from '../src/shared/utils/network';
+import { isValidDefguardUrl } from '../src/shared/utils/defguardUrl';
 import { formatFileName } from '../src/shared/utils/formatFileName';
 import { formatIpForDisplay } from '../src/shared/utils/formatIpForDisplay';
+import { smallestNetworkCapacity } from '../src/shared/utils/network';
 import { removeEmptyStrings } from '../src/shared/utils/removeEmptyStrings';
 import { removeNulls } from '../src/shared/utils/removeNulls';
 import { resourceById, resourceDisplayMap } from '../src/shared/utils/resourceById';
 import { isDeviceOnline, isUserOnline } from '../src/shared/utils/userOnlineStatus';
-import { isValidDefguardUrl } from '../src/shared/utils/defguardUrl';
-import type { Device, DeviceNetworkInfo } from '../src/shared/api/types';
-
 
 describe('joinCsv', () => {
   it('should join array into comma-separated string', () => {
@@ -32,7 +31,6 @@ describe('joinCsv', () => {
   it('should return empty string for undefined', () => {
     expect(joinCsv(undefined)).toBe('');
   });
-
 });
 
 describe('splitCsv', () => {
@@ -57,7 +55,6 @@ describe('splitCsv', () => {
   it('should return empty array for whitespace-only string', () => {
     expect(splitCsv('   ')).toEqual([]);
   });
-
 });
 
 describe('joinCsv / splitCsv round-trip', () => {
@@ -67,7 +64,6 @@ describe('joinCsv / splitCsv round-trip', () => {
   });
 });
 
-
 describe('formatFileName', () => {
   it('should convert to lowercase', () => {
     expect(formatFileName('MyFile')).toBe('myfile');
@@ -92,7 +88,6 @@ describe('formatFileName', () => {
   });
 });
 
-
 describe('formatIpForDisplay', () => {
   it('should strip /32 from IPv4 host address', () => {
     expect(formatIpForDisplay('192.168.1.1/32')).toBe('192.168.1.1');
@@ -124,22 +119,30 @@ describe('formatIpForDisplay', () => {
   });
 });
 
-
 describe('removeEmptyStrings', () => {
   it('should remove keys with empty string values', () => {
     expect(removeEmptyStrings({ a: '', b: 'hello' })).toEqual({ b: 'hello' });
   });
 
   it('should remove keys with whitespace-only string values', () => {
-    expect(removeEmptyStrings({ a: '   ', b: 'hello' })).toEqual({ b: 'hello' });
+    expect(removeEmptyStrings({ a: '   ', b: 'hello' })).toEqual({
+      b: 'hello',
+    });
   });
 
   it('should keep non-string falsy values', () => {
-    expect(removeEmptyStrings({ a: 0, b: false, c: null })).toEqual({ a: 0, b: false, c: null });
+    expect(removeEmptyStrings({ a: 0, b: false, c: null })).toEqual({
+      a: 0,
+      b: false,
+      c: null,
+    });
   });
 
   it('should keep non-empty strings', () => {
-    expect(removeEmptyStrings({ a: 'value', b: ' space ' })).toEqual({ a: 'value', b: ' space ' });
+    expect(removeEmptyStrings({ a: 'value', b: ' space ' })).toEqual({
+      a: 'value',
+      b: ' space ',
+    });
   });
 
   it('should handle object with all empty strings', () => {
@@ -152,14 +155,19 @@ describe('removeEmptyStrings', () => {
   });
 });
 
-
 describe('removeNulls', () => {
   it('should remove null values from flat object', () => {
-    expect(removeNulls({ a: 1, b: null, c: 'hello' })).toEqual({ a: 1, c: 'hello' });
+    expect(removeNulls({ a: 1, b: null, c: 'hello' })).toEqual({
+      a: 1,
+      c: 'hello',
+    });
   });
 
   it('should remove undefined values from flat object', () => {
-    expect(removeNulls({ a: 1, b: undefined, c: 'hello' })).toEqual({ a: 1, c: 'hello' });
+    expect(removeNulls({ a: 1, b: undefined, c: 'hello' })).toEqual({
+      a: 1,
+      c: 'hello',
+    });
   });
 
   it('should recursively remove nulls from nested objects', () => {
@@ -175,7 +183,11 @@ describe('removeNulls', () => {
   });
 
   it('should keep falsy non-null/undefined values', () => {
-    expect(removeNulls({ a: 0, b: false, c: '' })).toEqual({ a: 0, b: false, c: '' });
+    expect(removeNulls({ a: 0, b: false, c: '' })).toEqual({
+      a: 0,
+      b: false,
+      c: '',
+    });
   });
 });
 
@@ -186,7 +198,10 @@ describe('resourceById', () => {
       { id: 2, name: 'Bob' },
     ];
     const result = resourceById(items);
-    expect(result).toEqual({ 1: { id: 1, name: 'Alice' }, 2: { id: 2, name: 'Bob' } });
+    expect(result).toEqual({
+      1: { id: 1, name: 'Alice' },
+      2: { id: 2, name: 'Bob' },
+    });
   });
 
   it('should return null for undefined input', () => {
@@ -196,7 +211,6 @@ describe('resourceById', () => {
   it('should return empty object for empty array', () => {
     expect(resourceById([])).toEqual({});
   });
-
 });
 
 describe('resourceDisplayMap', () => {
@@ -207,10 +221,8 @@ describe('resourceDisplayMap', () => {
     ];
     expect(resourceDisplayMap(items)).toEqual({ 1: 'Alpha', 2: 'Beta' });
   });
-
 });
 
-
 const makeNetwork = (is_active: boolean): DeviceNetworkInfo => ({
   device_wireguard_ips: [],
   is_active,
@@ -243,31 +255,29 @@ describe('isDeviceOnline', () => {
     const device = makeDevice([]);
     expect(isDeviceOnline(device)).toBe(false);
   });
-
 });
 
 describe('isUserOnline', () => {
   it('should return true if any device has an active network', () => {
     const user = {
       devices: [makeDevice([makeNetwork(false)]), makeDevice([makeNetwork(true)])],
-    } as any;
+    };
     expect(isUserOnline(user)).toBe(true);
   });
 
   it('should return false if no device is online', () => {
     const user = {
       devices: [makeDevice([makeNetwork(false)]), makeDevice([makeNetwork(false)])],
-    } as any;
+    };
     expect(isUserOnline(user)).toBe(false);
   });
 
   it('should return false if user has no devices', () => {
-    const user = { devices: [] } as any;
+    const user = { devices: [] };
     expect(isUserOnline(user)).toBe(false);
   });
 });
 
-
 describe('isValidDefguardUrl', () => {
   it('should accept valid https domain URLs', () => {
     expect(isValidDefguardUrl('https://defguard.example.com')).toBe(true);
@@ -300,7 +310,6 @@ describe('isValidDefguardUrl', () => {
   });
 });
 
-
 describe('smallestNetworkCapacity', () => {
   // IPv4 cases
   it('should return 253 for a single IPv4 /24', () => {
diff --git a/web/tests/video-tutorials.test.ts b/web/tests/video-tutorials.test.ts
index f03a4cc10..081a0d4de 100644
--- a/web/tests/video-tutorials.test.ts
+++ b/web/tests/video-tutorials.test.ts
@@ -1,4 +1,5 @@
 import { describe, expect, it } from 'vitest';
+import { parseVersion, resolveVersion } from '../src/shared/utils/resolveVersion';
 import { parseVideoTutorials } from '../src/shared/video-tutorials/data';
 import { matchesVideoRouteContext } from '../src/shared/video-tutorials/resolved';
 import {
@@ -6,7 +7,6 @@ import {
   resolveVideoGuidePlacement,
 } from '../src/shared/video-tutorials/resolver';
 import { canonicalizeRouteKey } from '../src/shared/video-tutorials/route-key';
-import { parseVersion, resolveVersion } from '../src/shared/utils/resolveVersion';
 import type { VideoTutorialsMappings } from '../src/shared/video-tutorials/types';
 
 // ---------------------------------------------------------------------------
@@ -35,7 +35,9 @@ describe('canonicalizeRouteKey', () => {
   });
 
   it('should preserve dynamic route templates', () => {
-    expect(canonicalizeRouteKey('/vpn-overview/$locationId')).toBe('/vpn-overview/$locationId');
+    expect(canonicalizeRouteKey('/vpn-overview/$locationId')).toBe(
+      '/vpn-overview/$locationId',
+    );
   });
 
   it('should not strip the root slash when input is only a slash', () => {
@@ -307,7 +309,12 @@ describe('matchesVideoRouteContext', () => {
 
 describe('resolveVideoGuidePlacement', () => {
   it('should return the step-specific placement from the newest eligible version', () => {
-    const result = resolveVideoGuidePlacement(makeMappings(), '2.3.0', 'migrationWizard', 'ca');
+    const result = resolveVideoGuidePlacement(
+      makeMappings(),
+      '2.3.0',
+      'migrationWizard',
+      'ca',
+    );
 
     expect(result?.video?.title).toBe('Certificate authority guide');
   });
@@ -361,7 +368,9 @@ describe('resolveVideoGuidePlacement', () => {
       },
     };
 
-    expect(resolveVideoGuidePlacement(mappings, '2.2', 'migrationWizard', 'ca')).toBeNull();
+    expect(
+      resolveVideoGuidePlacement(mappings, '2.2', 'migrationWizard', 'ca'),
+    ).toBeNull();
   });
 
   it('should return null when neither default nor step-specific placement exists', () => {
@@ -376,7 +385,9 @@ describe('resolveVideoGuidePlacement', () => {
       },
     };
 
-    expect(resolveVideoGuidePlacement(mappings, '2.2', 'migrationWizard', 'ca')).toBeNull();
+    expect(
+      resolveVideoGuidePlacement(mappings, '2.2', 'migrationWizard', 'ca'),
+    ).toBeNull();
   });
 
   it('should return null for an unsupported placement key', () => {
@@ -539,18 +550,18 @@ describe('parseVideoTutorials', () => {
     expect(result['2.2'].sections).toHaveLength(1);
     expect(result['2.2'].sections[0].name).toBe('Identity');
     expect(result['2.2'].sections[0].videos[0].youtubeVideoId).toBe('abcDEFghiJK');
-    expect(result['2.2'].placements?.migrationWizard?.default?.video?.youtubeVideoId).toBe(
-      'xyz987GHI12',
-    );
+    expect(
+      result['2.2'].placements?.migrationWizard?.default?.video?.youtubeVideoId,
+    ).toBe('xyz987GHI12');
     expect(result['2.2'].placements?.migrationWizard?.default?.docs?.[0]?.docsTitle).toBe(
       'Defguard Configuration Guide',
     );
-    expect(result['2.2'].placements?.migrationWizard?.steps?.general?.video?.youtubeVideoId).toBe(
-      'genGuide220',
-    );
-    expect(result['2.2'].placements?.initialSetupWizard?.default?.video?.youtubeVideoId).toBe(
-      'setGuide220',
-    );
+    expect(
+      result['2.2'].placements?.migrationWizard?.steps?.general?.video?.youtubeVideoId,
+    ).toBe('genGuide220');
+    expect(
+      result['2.2'].placements?.initialSetupWizard?.default?.video?.youtubeVideoId,
+    ).toBe('setGuide220');
   });
 
   it('should accept missing docsUrl', () => {
@@ -833,7 +844,7 @@ describe('parseVideoTutorials', () => {
     };
     const result = parseVideoTutorials(raw);
     expect(
-      (result['2.2'].sections[0].videos[0] as Record<string, unknown>)['unknownField'],
+      (result['2.2'].sections[0].videos[0] as Record<string, unknown>).unknownField,
     ).toBeUndefined();
   });
 
@@ -864,7 +875,7 @@ describe('parseVideoTutorials', () => {
 
     expect(result['2.2'].sections[0].videos[0].contextAppRoutes).toEqual(['/groups']);
     expect(
-      (result['2.2'].sections[0].videos[0] as Record<string, unknown>)['unknownField'],
+      (result['2.2'].sections[0].videos[0] as Record<string, unknown>).unknownField,
     ).toBeUndefined();
   });
 
@@ -884,7 +895,7 @@ describe('parseVideoTutorials', () => {
     };
     const result = parseVideoTutorials(raw);
     expect(
-      (result['2.2'].sections[0] as Record<string, unknown>)['extraSectionField'],
+      (result['2.2'].sections[0] as Record<string, unknown>).extraSectionField,
     ).toBeUndefined();
   });
 
@@ -987,19 +998,26 @@ describe('parseVideoTutorials', () => {
 
     const result = parseVideoTutorials(raw);
 
-    expect((result['2.2'] as Record<string, unknown>)['extraVersionField']).toBeUndefined();
+    expect((result['2.2'] as Record<string, unknown>).extraVersionField).toBeUndefined();
     expect(
-      (result['2.2'].placements?.migrationWizard as Record<string, unknown>)['extraPlacementField'],
+      (result['2.2'].placements?.migrationWizard as Record<string, unknown>)
+        .extraPlacementField,
     ).toBeUndefined();
     expect(
-      (result['2.2'].placements?.migrationWizard?.default?.video as Record<string, unknown>)[
-        'ignoredVideoField'
-      ],
+      (
+        result['2.2'].placements?.migrationWizard?.default?.video as Record<
+          string,
+          unknown
+        >
+      ).ignoredVideoField,
     ).toBeUndefined();
     expect(
-      (result['2.2'].placements?.migrationWizard?.default?.docs?.[0] as Record<string, unknown>)[
-        'ignoredDocsField'
-      ],
+      (
+        result['2.2'].placements?.migrationWizard?.default?.docs?.[0] as Record<
+          string,
+          unknown
+        >
+      ).ignoredDocsField,
     ).toBeUndefined();
   });