Ask any IT security manager how many devices are on their network and you will get an estimate, not an answer. The estimate is almost always low. Shadow IT, unmanaged personal devices, forgotten test machines, and assets that were provisioned but never properly enrolled create a gap between what the organization believes it manages and what actually exists in the environment.
That gap is where incidents happen. Unpatched endpoints, devices with disabled security controls, and machines running end-of-life operating systems create attack surface that the security team cannot address because they do not know it exists. Device fleet management closes that gap by consolidating endpoint data from multiple authoritative sources into a single, continuously updated inventory.
The Unmanaged Device Problem
The scale of the unmanaged device challenge is consistently underestimated. Research from asset visibility vendors reveals a concerning baseline across enterprise environments.
Three out of ten devices. Not in small businesses with informal IT processes, but in enterprises with dedicated security teams and substantial tooling budgets. The problem is structural: device enrollment processes are imperfect, employees connect personal devices, contractors use their own hardware, and IoT devices proliferate without oversight. No single management tool captures the complete picture, which is why cross-source correlation is essential.
Data Sources and Auto-Discovery
TATER's device fleet management draws from two primary Microsoft data sources: Defender for Endpoint (MDE) and Intune. MDE provides security-focused telemetry including health status, risk scoring, exposure levels, onboarding state, and vulnerability data. Intune provides management-focused context including compliance policy adherence, configuration profiles, and enrollment status. When both sources report on the same device, TATER merges the records into a unified view.
Auto-discovery occurs during the daily endpoint scan. The Scan-Endpoints runbook queries both MDE and Intune APIs, correlates devices by hardware identifiers and hostnames, and uploads the consolidated inventory to TATER. New devices appear in the fleet automatically. Devices that disappear from both sources are flagged as potentially decommissioned rather than silently removed.
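The correlation step described above, as an added example; it is not TATER's code or the Scan-Endpoints runbook. The field names (`hardware_id`, `hostname`, `risk_score`, `compliance`), the key format and all sample records are constructed assumptions. It goes slightly beyond the text by refusing to merge on hostname when both sources report different hardware IDs.

```python
# Constructed sample records; field names are assumptions, not TATER's schema.
MDE = [
    {"hardware_id": "HW-001", "hostname": "LAP-ALICE.corp.example", "risk_score": "High"},
    {"hardware_id": None, "hostname": "srv-build01", "risk_score": "Low"},
    {"hardware_id": "HW-003", "hostname": "kiosk-7", "risk_score": "None"},
]
INTUNE = [
    {"hardware_id": "hw-001", "hostname": "lap-alice", "compliance": "compliant"},
    {"hardware_id": "HW-002", "hostname": "SRV-BUILD01", "compliance": "noncompliant"},
    {"hardware_id": "HW-004", "hostname": "kiosk-7", "compliance": "compliant"},
]
PREVIOUS_KEYS = {"hw:hw-001", "hw:hw-009"}  # constructed: keys from the prior scan

def hw(rec):
    return (rec.get("hardware_id") or "").strip().lower()

def host(rec):
    # Drop the DNS suffix so an FQDN and a short name compare equal.
    return (rec.get("hostname") or "").strip().lower().split(".")[0]

def key_of(rec):
    return f"hw:{hw(rec)}" if hw(rec) else f"host:{host(rec)}"

def correlate(mde, intune, previous_keys):
    """Return (fleet keyed by device key, keys missing from both sources)."""
    pending = list(intune)
    fleet = {}
    for m in mde:
        # Hardware ID is authoritative; hostname is used only when one side has no ID.
        hits = [i for i in pending if hw(m) and hw(i) == hw(m)]
        if not hits:
            hits = [i for i in pending if host(i) == host(m) and not (hw(m) and hw(i))]
        match = hits[0] if len(hits) == 1 else None  # ambiguous match: do not merge
        if match is not None:
            pending.remove(match)
        merged = {**(match or {}), **m}
        merged["hardware_id"] = hw(m) or (hw(match) if match else "")
        merged["sources"] = ["mde", "intune"] if match else ["mde"]
        fleet[key_of(merged)] = merged
    for i in pending:  # enrolled in Intune but never matched to an MDE record
        fleet[key_of(i)] = {**i, "hardware_id": hw(i), "sources": ["intune"]}
    # Keys seen last scan but absent now are flagged, not deleted.
    return fleet, sorted(set(previous_keys) - set(fleet))
```

Records whose `sources` list holds only one entry are the coverage gaps worth reviewing: a device enrolled in Intune but not onboarded to MDE, or the reverse.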
"You cannot comply with what you cannot inventory. Every compliance framework starts with asset management. If your device list is incomplete, your compliance percentage is aspirational, not actual."
Hardware Inventory and Health Metrics
Each device record in TATER captures comprehensive hardware and software details: CPU model, RAM capacity, OS version and build number, BIOS version, serial number, manufacturer, and model. This data supports both compliance reporting (verifying OS versions meet minimum requirements) and operational planning (identifying hardware approaching end of life).
MDE health metrics add a security dimension to each device. The risk score (None, Low, Medium, High) reflects the aggregate vulnerability exposure of that specific endpoint. The exposure level indicates how susceptible the device is to exploitation based on its current configuration and patch state. The last-seen timestamp identifies devices that may be offline, lost, or decommissioned. Together, these metrics give security teams a per-device risk profile without requiring them to correlate data manually across multiple consoles.
Network Performance Monitoring
For organizations with distributed workforces, network performance is a compliance-adjacent concern. Devices with consistently poor connectivity may fail to receive policy updates, miss patch deployments, or time out during security scans. TATER's agent includes a built-in speed test capability that measures download throughput, upload throughput, and latency against self-hosted test files. These measurements are stored per device and surfaced in the fleet view, allowing IT teams to identify connectivity issues that could impact compliance posture.
How TATER Helps
TATER's Devices page provides a unified view of every managed endpoint, automatically populated from MDE and Intune scan data. Hardware details, OS versions, compliance status, MDE risk scores, and vulnerability counts are visible per device. The daily endpoint scan keeps the inventory current without manual intervention. Speed test results, installed software catalogs, and CISA KEV cross-references add depth to each device record, giving security teams the visibility they need to manage fleet-wide compliance from a single console.