A method and apparatus are provided for authenticating the contents of a device requesting access to a first network, such as an enterprise network. If a device has connected to at least one other network then the content of the device is evaluated prior to obtaining access. The scope of the content evaluation may be based, for example, on properties of the other network or on one or more defined content authentication rules. If a device attempts to access a network, the content of the device is evaluated and the device may be restricted to accessing only one or more restoration services if the content fails to satisfy one or more predefined criteria, such as a content item that is out of date or a determination that the device connected to one or more external networks. The restoration service(s) can update a content item that is out of date, reinstall one or more programs or return configuration settings to default values.