Endpoint Management
Endpoint Management provides visibility into your organization's device fleet through MDM integrations. Devices are synced from your MDM provider, evaluated against compliance policies (encryption, firewall, passcode, OS version), and tracked through a posture dashboard with historical compliance snapshots for audit evidence.
Overview
Access from Security Operations → Endpoint Management in the sidebar. The page has four tabs: Dashboard, Devices, Policies, and History.
Dashboard
The dashboard provides an at-a-glance view of device posture across six KPI cards and three breakdown panels.
KPI Cards
| Metric | Description |
|---|---|
| Compliance Rate | Percentage of devices meeting all policy requirements |
| Encryption Coverage | Percentage of devices with disk encryption enabled |
| Firewall Coverage | Percentage of devices with host firewall active |
| MDM Enrollment | Percentage of known devices enrolled in MDM management |
| Stale Devices | Count and percentage of devices that haven't checked in recently |
| Total Managed Devices | Total number of devices in the fleet |
Each KPI card is color-coded by health status:
- Healthy (green) — Metric meets target thresholds
- Medium (amber) — Below target but not critical
- High (orange) — Significant compliance gap
- Critical (red) — Requires immediate attention
Breakdown Panels
- By Platform — Device count by operating system (macOS, Windows, iOS, Android, Linux)
- Compliance Status — Count of devices in each compliance state (Compliant, Non-Compliant, Unknown, Not Evaluated)
- Encryption — Count of devices by encryption state (Encrypted, Not Encrypted, Unknown)
Device Inventory
The Devices tab shows all synced devices with filtering and a detail sidecar.
Device Table
| Column | Description |
|---|---|
| Device | Device name with platform icon and OS version |
| Compliance | Color-coded badge: Compliant, Non-Compliant, Unknown, or Not Evaluated |
| Encryption | Lock/unlock icon indicating disk encryption status |
| Status | Managed, Unmanaged, or Pending |
| Last Check-In | Relative time since last MDM sync (e.g., "2h ago", "3 days ago") |
| Source | MDM provider name (SimpleMDM, Microsoft Intune, Jamf Pro) |
Filtering
- Search — Filter by device name
- Platform — All Platforms, macOS, Windows, iOS, Android, or Linux
- Status — All Statuses, Compliant, Non-Compliant, Unknown, or Not Evaluated
Device Detail Sidecar
Click any device row to open the detail sidecar showing:
Device Information:
- Device name, platform, OS version, model, manufacturer
- Serial number
- User (name and email)
- Source integration
Compliance Status:
- Overall compliance badge
- Managed status (Managed, Unmanaged, Pending)
- Encryption, firewall, and passcode status (Enabled, Disabled, or Unknown)
- Last check-in timestamp
- First seen and last seen dates
Policy Results: Per-policy compliance breakdown showing each rule's pass/fail/unknown result, severity level, and descriptive label. This helps identify exactly which policy rules a non-compliant device is failing.
Device Sources
Devices sync automatically from connected MDM providers:
| Provider | Platforms | Description |
|---|---|---|
| SimpleMDM | macOS, iOS | Apple device management with profile-based enforcement |
| Microsoft Intune | Windows, macOS, iOS, Android | Cross-platform device management via Microsoft Endpoint Manager |
| Jamf Pro | macOS, iOS | Enterprise Apple device management with detailed compliance data |
Connect MDM providers through Administration → Integrations. Devices sync on a 6-hour interval via the platform's sync scheduler. Each sync updates device attributes, compliance status, and last check-in timestamp.
Compliance Policies
Compliance policies define rules that devices must satisfy to be considered compliant. Devices are evaluated against all enabled policies — all rules within a policy must pass for the device to be compliant (AND logic).
Creating a Policy
Click + New Policy to create a compliance policy:
- Name — Descriptive name (e.g., "Baseline Security Requirements")
- Description — Optional scope and purpose description
- Rules — Add one or more compliance rules
Rule Types
| Field | Description | Operators |
|---|---|---|
| Encryption Enabled | Disk encryption (FileVault, BitLocker) must be active | equals, notEquals |
| Firewall Enabled | Host firewall must be turned on | equals, notEquals |
| Passcode Compliant | Screen lock passcode must be configured | equals, notEquals |
| Antivirus Active | Antivirus/EDR agent must be running | equals, notEquals |
| OS Version | Operating system must meet a minimum version | semverMin |
| Last Check-In | Device must have synced within a time window | olderThanDays |
Each rule includes:
- Field — Which device attribute to check
- Operator — How to evaluate the attribute
- Value — The expected value or threshold
- Severity — Critical, High, Medium, or Low — determines how the failure is weighted
- Label — Descriptive text shown in compliance reports (e.g., "FileVault encryption required")
Evaluating Policies
Click the Evaluate button on any policy to trigger an immediate re-evaluation against all devices. The result toast shows: "Evaluated X devices: Y compliant, Z non-compliant."
Policies also evaluate automatically after each device sync.
Example Policies
Baseline Security Policy:
- Encryption Enabled equals true (Critical) — "Full disk encryption required"
- Firewall Enabled equals true (High) — "Host firewall must be active"
- Passcode Compliant equals true (Medium) — "Screen lock passcode required"
OS Currency Policy:
- OS Version semverMin 14.0.0 (High) — "macOS 14+ required"
- Last Check-In olderThanDays 30 (Medium) — "Device must sync within 30 days"
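An added example, not the product's own code, sketching how rules like the ones above can be evaluated into the four compliance statuses this page defines. The field keys, the sample device, the reading of `olderThanDays` (the rule fails once the last check-in is older than the value) and the precedence of a failure over an unknown are assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone
Rule = namedtuple("Rule", "field operator value severity label")

def semver(v):  # "14.2" -> (14, 2, 0); ValueError on non-numeric parts
    parts = [int(p) for p in str(v).split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def eval_rule(rule, device, now):
    """Return 'pass', 'fail' or 'unknown' for a single rule."""
    actual = device.get(rule.field)
    if actual is None:
        return "unknown"  # e.g. null encryption status: never counted as a pass
    try:
        if rule.operator in ("equals", "notEquals"):
            ok = (actual == rule.value) == (rule.operator == "equals")
        elif rule.operator == "semverMin":
            ok = semver(actual) >= semver(rule.value)
        elif rule.operator == "olderThanDays":
            # Assumption: the rule fails once the last check-in is older than N days
            ok = now - actual <= timedelta(days=rule.value)
        else:
            raise NotImplementedError(rule.operator)
    except ValueError:
        return "unknown"  # unparseable version string
    return "pass" if ok else "fail"

def evaluate(device, policies, now):
    """Return (status, failed rules); assumed precedence: fail > unknown > pass."""
    rules = [r for p in policies if p.get("enabled", True) for r in p["rules"]]
    if not rules:
        return "Not Evaluated", []
    results = [(r, eval_rule(r, device, now)) for r in rules]
    failed = [(r.severity, r.label) for r, res in results if res == "fail"]
    if failed:
        return "Non-Compliant", failed
    return ("Unknown" if any(res == "unknown" for _, res in results) else "Compliant"), []

# The page's two example policies; field keys and the device are constructed.
POLICIES = [
    {"name": "Baseline Security Policy", "rules": [
        Rule("encryptionEnabled", "equals", True, "Critical", "Full disk encryption required"),
        Rule("firewallEnabled", "equals", True, "High", "Host firewall must be active"),
        Rule("passcodeCompliant", "equals", True, "Medium", "Screen lock passcode required")]},
    {"name": "OS Currency Policy", "rules": [
        Rule("osVersion", "semverMin", "14.0.0", "High", "macOS 14+ required"),
        Rule("lastCheckIn", "olderThanDays", 30, "Medium", "Device must sync within 30 days")]}]
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
DEVICE = {"encryptionEnabled": None, "firewallEnabled": True, "passcodeCompliant": True,
          "osVersion": "13.6", "lastCheckIn": NOW - timedelta(days=2)}
```

With the constructed `DEVICE`, `evaluate(DEVICE, POLICIES, NOW)` reports Non-Compliant on the OS version rule; once the OS version is raised, the null encryption status keeps the device at Unknown rather than Compliant.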
Compliance Snapshots
The History tab shows point-in-time compliance snapshots. Snapshots are captured automatically after each device sync and provide historical data for trend analysis.
Each snapshot records:
- Timestamp — When the snapshot was captured
- Total Devices — Fleet size at capture time
- Compliance Rate — Percentage of compliant devices
- Device Counts — Compliant, non-compliant, and unknown counts
- Platform Breakdown — Per-platform compliance counts
- Policy Breakdown — Per-policy pass/fail counts
Snapshots create an audit trail showing continuous monitoring and compliance trends over time — useful for demonstrating to auditors that devices are being actively managed and evaluated.
Compliance Statuses
| Status | Description |
|---|---|
| Compliant | Device passes all enabled policy rules |
| Non-Compliant | Device fails one or more policy rules |
| Unknown | Device attributes insufficient to evaluate (e.g., null encryption status) |
| Not Evaluated | No compliance policies are defined or the device hasn't been evaluated yet |
Non-Compliance Handling
When a device fails a policy rule:
- The device is flagged as Non-Compliant in the device inventory
- The detail sidecar shows which specific rules failed, with severity and description
- Dashboard KPI cards and breakdown panels update to reflect the compliance gap
- Compliance snapshots record the posture change for historical tracking
- Remediation tasks can be created to address specific failures (e.g., "Enable FileVault on Jim's MacBook")
Supported Platforms
| Platform | Icon | Examples |
|---|---|---|
| macOS | Apple icon | MacBook Pro, Mac mini, iMac |
| Windows | Windows icon | Surface Pro, Dell Latitude, ThinkPad |
| iOS | Mobile icon | iPhone, iPad |
| Android | Android icon | Pixel, Samsung Galaxy |
| Linux | Linux icon | Ubuntu, RHEL workstations |