In one example, a network device may store health status information specifying a current security status for each of a plurality of authenticated endpoint devices in accordance with an authorization data model. The network device may update the current security status of each of at least two of the plurality of authenticated endpoint devices connected to an enterprise network to indicate that each of the at least two of the plurality of authenticated endpoint devices has a compromised security status, and identify a characteristic common to both of the authenticated endpoint devices having the compromised security status. The network device may interface with one or more policy enforcement devices to quarantine a set of endpoint devices associated with the identified characteristic. The current security status of at least one of the quarantined endpoint devices may indicate that the quarantined endpoint device does not have a compromised security status.