TATER Documentation
Welcome to the TATER documentation. Find guides, references, and tutorials for managing compliance across your Microsoft 365 tenants and endpoint environments.
For End Users
If you're an everyday user of TATER (not an admin), start here. These guides cover submitting requests, tracking what you've submitted, and using your personal dashboard.
Submitting & Tracking Requests
How to find the right service catalog item, fill out the form, and follow your request from submission through resolution. Includes approval, comments, cancellation, and major incident notifications.
My TATER Personal Dashboard
Your personal hub across the TATER app suite: tasks, mentions, favorites, community feed, leaderboard, achievements. The recommended daily landing page.
Using AI Assistants with TATER
How Microsoft 365 Copilot, Claude, and other MCP-enabled AI can help you submit requests, find information, and act on your behalf. Always audit-tracked.
Self-Service Portal (No Login)
Submit requests via your org's public intake link without a TATER account. Useful for contractors, external partners, or submitting from personal devices.
Popular Guides
Getting Started
Set up TATER, import your first scan, and configure your environment for compliance tracking.
Setup Wizard
A downloadable executable that configures your org end to end - pick features, and it runs the scripts and logins locally.
Running Scans
Execute M365 cloud audits, Windows OS compliance scans, and endpoint vulnerability scanning.
Dashboard Guide
Explore all dashboard features including controls, catalogs, risk scoring, and compliance drift alerts.
Reports
Generate compliance reports in PDF and CSV for executives, auditors, and technical teams.
Compliance
Frameworks & Standards
CIS, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, HIPAA mapping and cross-framework compliance.
Predict the Unknown
Use M365 default behavior to predict whether Manual Review controls are likely passing or failing - reducing your blind spots before the next scan.
Scan Deduplication
Identical scans are automatically consolidated at upload time. Track scan frequency with scanCount metadata.
CSV & Excel Export
Export scan results, controls, and compliance data to CSV/Excel for SIEMs and data warehouses.
Security & Devices
Fleet Management
Track your entire device fleet with compliance scoring, MDE integration, and drill-down analytics.
Endpoint Management (UEM)
Live interactive shell, patch management, software deployment, BitLocker key escrow, USB / app-allow / JIT-admin / power / browser / DNS policies. Endpoint Central parity built on TATER agents.
Security Operations
Identity security, automated remediation, incident playbooks, and Azure resource scanning.
Interactive Remote Control
WebRTC remote-support sessions to managed endpoints. PE-3 end-user consent, mouse/keyboard input injection, multi-monitor selection, and AU-14 session recording with in-app playback. Full NIST 800-53 ATO mapping.
Implementation Guides
Curated step-by-step rollouts for Conditional Access, MFA, DMARC, BitLocker, PIM, and other common security initiatives. Per-org progress tracking with verification + rollback at every step.
TATER Tips
50+ short, action-oriented tips covering every TATER capability - each one deep-links to the page it describes. Login popup with per-user opt-out, MCP-accessible for AI walkthroughs.
TATER Ops (Sister App)
Help desk and task management on the same TATER ecosystem. Tasks linked to TATER controls, recurring templates, ADO sync, MCP-driven workflows. Lives at ops.tatersecurity.com.
Ops Customization Guide
Per-org settings: hierarchical categories (5 levels deep), custom priority labels, per-category statuses, teams, custom request fields. Searchable typeahead everywhere.
Ops Workflow Automation
Trigger-once coordinated task sets. Define templates with sequential steps, role placeholders, and dependencies - trigger once to spawn all tasks with automatic dependency unlocking.
Ops Approvals & Bulk Actions
Multi-step approval chains per category (Manager → Director → CFO). Bulk-edit mode for selecting many tasks at once and applying status, priority, reassign, close, or archive.
Ops Public Intake (Email + Portal)
Convert email to tickets via Power Automate forwarding, or share the hosted self-service portal URL with end users. Token-gated, multi-mailbox routing supported.
Patch Policy Automation
Auto-approve and auto-deploy endpoint patches by severity — daily scheduler queues winget/brew/apt upgrades to matching devices. Plus a curated 3rd-party app catalog.
Ticket Auto-Triage & Routing
Score each ticket's content to auto-suggest category, priority, and the assignment-group queue — on inbound email, on demand (🧭 Triage), or via the triage_task MCP tool. Configurable keyword taxonomy.
ITIL 4 Field Coverage
Complete reference for the 46 industry-standard help-desk ticket fields TATER Ops captures - full parity with ITIL 4, ServiceNow ITSM, Jira Service Management, Zendesk, and Freshservice. Documents auto-fill behavior for SLA + lifecycle fields.
ITIL Process Profiles
Per-task profiles that drive field visibility, allowed status transitions, and SLA defaults from an industry standard (ITIL 4 Incident / Service Request / Problem, NIST SP 800-61 IR, or custom). Ships with 5 seeded starter profiles; JSON editor for full customization. Same pattern coming to Risks, Audits, Changes, and Vendors.
Ops Script Library
Reusable PowerShell / Bash scripts with fan-out execution against up to 500 target devices via the TATER Agent. Per-target stdout/stderr capture, aggregated job status, MCP-driven for agent-led remediation. CRUD, versioning, risk levels, and the device/cloud/hybrid execution-target taxonomy (ADO #498).
Scheduled Runbook Execution & Drift Monitoring
Recurring script execution (hourly / daily / weekly / monthly) against device fleets or M365 tenants. Drift detection compares consecutive runs. Action rules fire email or Tasker tasks on drift / failure. Cron checks every 5 min. ADO #497 + #498.
Cloud Script Execution (M365 / Entra ID)
Run PowerShell maintenance, audit, and diagnostic scripts against your M365 tenant from TATER Ops. Per-org Azure Automation runbook with Graph / EXO / ARM auth contexts. Ships with 8 curated templates (user diagnostic, MFA audit, mailbox delegation, suspicious inbox rules, app permissions, stale guests, license utilization, SharePoint sharing). MCP-addressable. Foundation for the planned shared library + TATERpedia auto-seed.
Intune Deployment from TATER Ops
Create and assign Microsoft Intune Proactive Remediations and Platform Scripts directly via Graph from TATER Ops → Intune. What-If preview, Entra group targeting with a Targets column, change-control gating, and audit logging. 8 MCP tools mirror the GUI exactly for AI-driven deployment.
Meetings & Business Documentation
Meeting Records with attendees, agenda, transcripts, decisions, and linked-artifact roll-up. New Business Docs area for SOPs / process maps / role descriptions / vendor briefs. MCP-first: your external LLM does all extraction via 14 new MCP tools; TATER never runs server-side LLM calls. ADO #499 + #501 + #503.
Document Reviews & Acknowledgements
Post one or more internal documents - employee manuals, HR policies, SOPs - for staff to review and acknowledge in a single sign-off. Target specific individuals, all staff in the org, or groups (departments / tags). Auditable trail (who, when, IP, attestation snapshot), completion roster with CSV export, reminder emails before expiry, a weekly pending-reviews digest, and a cross-org My Reviews queue in My TATER.
Surveys
Build custom surveys (single/multi choice, rating, NPS, scale, text) and distribute them two ways: assign to staff (individuals / all-org / groups, answered in My TATER → My Surveys) or attach to ticket categories so a CSAT survey is emailed automatically when a ticket closes. Aggregated results with NPS, respondent roster, anonymous mode, and a public response page for external requesters.
Service Catalog Administration
Design pre-defined request types with form schemas, fulfillment routing, approval flags, owner teams, ETAs. 13 starter items shipped via seed-defaults. ServiceNow-parity catalog.
CMDB / Configuration Items
Proper Configuration Items with 16 types, 10 typed relationships (auto-maintained inverses), criticality-weighted impact analysis, auto-discovery from Devices / CloudAccounts / Vendors. The foundation for Service Portfolio + Major Incident + CAB conflict detection.
Major Incident Workflow
ITIL Major Incident on top of TaskerTask. Bridge URL, incident commander, subscribers with email broadcast, status update log, affected CI rollup from CMDB. Auto-creates Post-Incident Review task on resolve with 14-day due date + 8-item checklist.
Service Portfolio
Business-facing service view on top of CMDB. Health rollup (healthy / degraded / major-outage / maintenance) combines member CI status with active Major Incidents. Executive-friendly dashboard.
CAB Workflow on Change Requests
ITIL Change Enablement with multi-approver voting, conflict detection (window-overlap / same-CI / same-control), change calendar. Standard / Normal / Emergency change types with auto-approval for Standard.
Release Management
Bundle change requests into coordinated deployments. Rollout + rollback step lists with owners and estimated time. Deployment log capped at 500 entries. Auto-stamped lifecycle timestamps.
TATERpedia Ratings & Suggested Articles
Per-user 1-5 ratings on wiki pages with optional comments, view counts, context-aware article suggestions for tickets (title 4x / tags 3x / summary 2x / body 1x scoring).
TATER Manage (SuperAdmin App)
Tenant administration + endpoint fleet management + remote command channel + multi-screen viewer + vulnerability inventory. Lives at manage.tatersecurity.com.
My TATER (Personal Dashboard)
Your personal view across the platform - favorites, assigned tasks, mentions, community feed, leaderboard, and achievements. All users. Lives at my.tatersecurity.com.
TATER Insights (Centralized Reporting)
5th sister app. 8 built-in reports (Compliance Posture, Risk, Service Desk, Helpdesk Drilldown, Training, Vendor, Audit, Licensing) with group-based access control and per-row Ops category filtering for IT / HR / AR / AP. CSV export. Lives at insights.tatersecurity.com.
API Reference
Canonical X-API-Key auth, error catalog, key scoping, and curl/PowerShell/Python snippets for MSP and partner automation against the TATER REST API.
Power BI Integration
Connect Power BI Desktop, Excel, or Fabric to TATER's flat data endpoint (controls, scans, risks, overrides, vendors, audits, training, BCP/DR, policies, changes). Friendly to scheduled refresh.
Power Automate Integration
Custom connector for Power Automate flows - query compliance data, create risk acceptances, trigger scans, and react to scan.completed webhook events.
MCP Feedback
How TATER MCP casually solicits feedback during a session, auto-files ADO Issues on negative sentiment, and exposes a SuperAdmin review page tracking every submission.
TATERpedia
Wikipedia-style platform-shared wiki for generic process knowledge - troubleshooting playbooks, diagnostic decision trees, remediation methodology. Searchable, contributable by any Auditor+.
Evidence Agent
Autonomously collect compliance evidence by navigating Microsoft admin portals and running PowerShell controls - driven by AI, running on your local TATER agent.
Agent Deployment
Install the TATER agent on endpoints via MSI. Deploy silently with Intune, SCCM, or Group Policy.
Agent Network Requirements
FQDN bypass list and per-vendor SSE/SASE config (Microsoft GSA, Zscaler, Netskope, Umbrella, Prisma Access). Required for accurate speed tests and Evidence Agent connectivity.
Application Monitoring
OneDrive health, CISA KEV exposure, and your own templated agent monitors (service, process, port, disk, cert, BitLocker, scheduled task, custom script) as one findings surface. Create monitors, toggle on/off, promote to Ops tasks.
Power Automate Flow Monitor
Catch Power Automate cloud flows that get turned off, suspended, or start failing above a threshold. Hourly scan, auto-filed Ops ticket per problem flow (auto-closed on recovery), SIEM events, and a Flow Monitor page in TATER Ops.
Power Platform Inventory
A GRC audit inventory of every Power Platform asset — environments, solutions, canvas & model-driven apps, custom connectors, and Power BI workspaces/datasets/reports — each with its maker deep-link, linkable to controls as evidence, with a consolidated CSV audit export and a Power BI feed.
OneDrive Sync Health
Automatic OneDrive sync monitoring, admin alerting with auto-Ops-tasks, opt-in self-heal, and user notifications. 10 health checks with 2-cycle hysteresis to prevent cry-wolf alerts.
OneDrive Business1 Regression
Troubleshooting guide for the recurring failure where the OneDrive Business1 registry record exists but the UserFolder value is missing - diagnostic steps, root cause, and remediation.
TATER Tuning
Per device-group, per app, dial-based hardening. Set a 0-10 level for each group-by-app cell and the TATER Agent enforces it on every device in the group within 30 minutes.
TATER Tuning - M365 Tenant Setup
Extend TATER Tuning to M365 tenant-level columns - setup, required credentials, and how tenant tuning levels are applied alongside endpoint hardening dials.
Self-Service Fixes
Admin-defined diagnose + remediate scripts the agent exposes to end users via the system tray. Auto-opens an Ops task when a fix fails. Seeded with OneDrive Reset + Drive Mappings.
Restricted Vault
Access-controlled storage for sensitive operational inventories - privileged-account rosters, network diagrams, asset inventories with serial numbers. OrgAdmin-only with optional per-doc allowlist + field-level masking. Every read audit-logged.
TATER Vault (Password Manager)
Zero-knowledge password manager at vault.tatersecurity.com. Master-passphrase encryption, built-in TOTP/MFA authenticator, password generator, breach & duplicate detection, group sharing with RSA key wrapping, organization key escrow for offboarding, and a browser extension.
Vault One-Time Send
Share a secret with anyone via a self-destructing, end-to-end-encrypted link. The decryption key lives only in the link — TATER's servers never see it. View-once, expiry, and optional password.
GRC Modules
AI Governance (ISO 42001 / NIST AI RMF / EU AI Act)
Inventory every AI system, classify it under the EU AI Act risk tiers, and track your ISO 42001 / NIST AI RMF / EU AI Act control posture. AI System Inventory, 22-control checklist, MCP tools, and an Insights report.
SOC 2 Readiness (Trust Services Criteria)
See how SOC 2-ready you are without re-scanning. TATER crosswalks the Trust Services Criteria (CC1–CC9 + Availability / Confidentiality / Processing Integrity / Privacy) to the M365 checks it already evaluates and computes readiness per category and per criterion.
Governance Meetings
Track the recurring oversight meetings SOC 2 / ISO 27001 expect — security threat review, management review, access review, CAB, vendor review, IR, BCP/DR, training, policy. Cadence tracking, overdue alerts, control-evidence mapping, and a full audit trail.
TATER Audit — Auditor Workbench
For audit firms: manage client engagements, ingest a client's evidence files with Claude (MCP-first), map them to the SOC 2 Trust Services Criteria, track coverage and gaps, and record workpapers — with or without the client on TATER.
GRC Guide (All 14 Modules)
Comprehensive walkthrough of all GRC modules: Risk Register, Exceptions, Audits, BCP/DR, Data Classification, Training, Control Testing, Change Control, Vendor Management, Questionnaires, Regulatory Changes, Access Reviews, POAM, RMF Tracker. Auditor Portal with PBC workflow.
Collaboration (Comments, Mentions, Threads)
How comments, @mentions, audit-trail attribution, and notification routing work across every TATER entity. Used by tasks, controls, risks, audits, change requests, wiki pages, major incidents, and PBC requests.
Entity Templates
Curated built-in templates and reusable org patterns for risks, vendors, audits, BCP/DR plans, control tests, training, and POAMs. AI agents follow a Template-First Rule.
Risk Register & Heat Map
Central risk register with 5x5 heat map, quantitative ALE scoring, treatment plans, and risk-to-control linkage.
Exception & Waiver Management
Structured exception requests with multi-level approval chains, automatic expiry, and compensating controls.
Audit Management
Plan audits, track findings, collect evidence from control owners, and maintain an audit calendar.
Business Continuity & DR
BCP/DR plans with BIA, RTO/RPO tracking, and test exercise management for audit compliance.
Data Classification & Privacy
Data asset inventory, flow mapping, privacy impact assessments, and retention policy management.
Security Awareness Training
Training campaigns, completion tracking, phishing simulation results, and audit-ready evidence reports.
Control Testing Automation
Scheduled test plans, reusable procedures, historical results with trend analysis, and gap detection.
Vendor Risk Management
Vendor inventory, risk tiering, assessment tracking, and continuous monitoring.
Vendor External Posture
Scan vendor domains for SPF / DMARC / TLS / HSTS, grade external security A-F, and feed the score into vendor risk. Nightly auto-sweep + MCP tools.
Questionnaire Gap Review & Trust Center Q&A
Answer only the gaps with knowledge-base suggestions, and let prospects self-serve security questions on your public Trust Center.
Access Reviews
Periodic access review campaigns with approve/revoke decisions and audit trail.
GRC Calendar
Unified timeline of all GRC obligations: access reviews, control tests, exceptions, BCP/DR tests, training deadlines, and vendor assessments.
Regulatory Change Management
Track framework updates and regulatory changes, assess their impact on your controls, and manage the transition to compliance with new requirements.
Change Control
Structured approval workflow for High and Critical impact control changes. Low/Medium auto-approved; scan-detected changes auto-generate requests.
Custom Control Frameworks
Build custom frameworks with drag-and-drop domains, import/export via JSON for MSP distribution, and cross-map to standard frameworks.
Federal / DoD ATO Pipeline
POA&M (Plan of Action & Milestones)
Track open weaknesses to closure in OMB A-130 / DoD eMASS format. Auto-populate from failing controls, exceptions, and high-severity risks. Excel + CSV export.
RMF 6-Step Tracker
NIST Risk Management Framework lifecycle tracking - Categorize, Select, Implement, Assess, Authorize, Monitor. FIPS 199 categorization, ATO expiry monitoring.
SSP Generator
System Security Plan authoring with OSCAL JSON and Word .docx export. NIST 800-53 Rev 5 and FedRAMP baselines at all impact levels.
STIG & SCAP Import
Drag-drop DISA STIG Viewer .ckl files and XCCDF/SCAP result XML on the Scans page. Findings map to TATER controls; optional one-click POAM creation for every Open finding.
Collaboration
Task Tracking
Unified task view across all modules with assignments, due dates, and Kanban board.
Questionnaires
Build and distribute compliance questionnaires with AI-assisted response generation.
Feedback Board
UserVoice-style feedback system with voting, comments, and admin status tracking.
Task Notifications Setup
Route new-task alerts to staff email and a Microsoft Teams channel. Includes the Power Automate Workflow setup, the DLP block workaround, and the Adaptive Card format.
Email-to-Ticket Setup
Turn a shared mailbox into a TATER Ops ticket queue via Microsoft Graph. Includes the PowerShell provisioning script, Application Access Policy security gate, full Manage config walkthrough, and end-to-end test.
Trusted External Senders
Allowlist trusted external senders in Exchange Online. TATER generates an idempotent PowerShell script that bypasses spam filtering, suppresses the External tag, and stamps a "verified by IT" banner - with a tenant-confirmation and DMARC-spoofability guardrail.
Policy Library
11 policy templates with variable engine, Markdown preview, and PDF export with branding.
Compliance Roadmap
Multi-phase remediation planning with Phase 0 Discovery, cascading phase durations, MSP billing columns, and generate-from-scan automation.
Community & Gamification
Leaderboards, achievement badges, compliance streaks, and community challenges that drive team engagement and reward security improvements.
Platform Customization
Features & Groups
Configure which features are enabled per organization, create custom user groups, and assign fine-grained feature access through the permission grid.
Widget Dashboard
Drag-and-drop widget layout with 16 widget types covering compliance score, risk summary, failing controls, SLA status, and more. Set as your start page.
Favorites & Navigation
Star any page for quick access via the topbar favorites menu. Entra Admin Center-style navigation with 8 semantic groups and sidebar search.
Integrations
AI Compliance Analyst
TATER's built-in conversational AI. Ask questions about your scan data, create risk acceptances, assign controls, document evidence, and trigger remediations - all from a chat interface.
Claude MCP Integration
Connect Claude Desktop or claude.ai directly to your TATER compliance data via the Model Context Protocol.
Microsoft 365 Copilot Integration
Install TATER as an M365 Copilot declarative agent - combine your tenant's Graph context with TATER's compliance posture, risk register, and living documentation.
MCP Tool Policies
Per-org, per-role, per-group control over which AI tools your agents can invoke. Block destructive tools globally, scope sensitive ones to specific groups, preview policy decisions before saving.
Zoho / ManageEngine Endpoint Central
Native Zoho OAuth 2.0 connector that pulls patch posture from ManageEngine Endpoint Central Cloud into TATER's Application Monitoring surface - setup, scopes, and sync behavior.
Government Cloud Compatibility
How TATER supports commercial, GCC, GCC High, and DoD tenants - per-control GCCH/DoD remediation guidance, sovereign-cloud scanning configuration, and the path to a private TATER Gov deployment.
Ticketing Integration
Create Jira or ServiceNow tickets directly from failing controls - individually or in bulk - so security findings flow into your team's existing workflow.
Audit & Activity
Activity Log & Audit Trail
Every create, update, and delete action in TATER is recorded with before/after deltas. Forward to SIEM via syslog (CEF) or webhook for long-term retention.
Auditor Portal
Read-only packaged evidence view for external auditors with time-limited access tokens and point-in-time audit snapshots for regulatory evidence.
People & Organizations
People, Users & Organizations
Manage compliance contacts, user roles (SuperAdmin through Viewer), multi-org structure, and the MSP Portal for client organization management.
MSP Guide
Manage multiple client organizations from a single pane of glass. Covers Client Dashboard, Clients, Licensing, and Organizations for managed service providers.
SSO & SCIM Provisioning
Connect Okta / Entra / OneLogin / JumpCloud for automatic SCIM 2.0 user provisioning and deprovisioning — offboarding in the IdP removes TATER access automatically. Per-org bearer token, default-role mapping, audit trail.
Subscription Management
SuperAdmin guide to provisioning client organizations, setting billing details, seat licensing, suspension, and MRR tracking across the entire fleet.
MSP Billing
How MSP partners track seat usage, set client seat limits, understand access tiers, and manage their client portfolio in the TATER Licensing page.
MSP Tenant Setup
Required Entra ID directory roles for an MSP technician to set up TATER in a client tenant. Includes a downloadable PowerShell script to grant + revoke the role set on a target user.
Azure Setup
Azure Registered Apps
Configure Entra ID app registrations for Graph API-based compliance scanning.
Azure Runbooks
Deploy Azure Automation runbooks for scheduled cloud and endpoint compliance scans.
Settings Reference
Branding, tenant credentials, API keys, SIEM integration, compliance zones, and more.
Feature Reference
Comprehensive in-depth tour of every TATER capability - frameworks covered, control catalog, scan engines, GRC modules, MCP, and more.
FAQ
Quick answers to the questions we hear most - sign-in, scans, agent install, MCP, billing, MSP setup, troubleshooting common issues.
Developer Troubleshooting
Debugging guide for TATER Security developers and contributors - Cosmos DB queries, Function App logs, agent diagnostics, common deploy pitfalls, and known workarounds.
Sales & Positioning
Market Comparison
Head-to-head positioning against 31+ direct competitors (Drata, Vanta, Hyperproof, ScubaGear, OpenRMF, and more) - for greenfield evaluations.
Complementary Stack
How TATER fits alongside Tenable, CrowdStrike, Splunk, Okta, ServiceNow, and the other 16 categories of tools your customer already owns.
Product Brief
Canonical capability list - every feature, every integration, every framework. The single source of truth for sales conversations.
Platform Features
System Requirements
| Requirement | Details |
|---|---|
| Web Browser | Chrome, Edge, Firefox, or Safari 11+ with JavaScript enabled |
| PowerShell | 5.1 or newer for scan script execution |
| M365 Admin | Security Admin, Compliance Admin, or Global Admin role for cloud audits |
| Local Admin | Administrator privileges on target machines for OS scans |
| Network | HTTPS access to Microsoft Graph API (port 443) for cloud scans |
Quick Start
1. Sign in to TATER
   Navigate to app.tatersecurity.com and authenticate with your Microsoft Entra ID credentials.
2. Configure your organization
   Go to Settings to configure company name, logo, accent colors, and tenant credentials.
3. Run your first scan
   Execute a cloud or OS scan using the provided PowerShell scripts, or trigger a server-side scan from the dashboard.
4. Review compliance posture
   View the dashboard for compliance scores, control status, and risk metrics across all frameworks.
5. Take action
   Create overrides for accepted risks, assign controls to team members, trigger automated remediation, and generate reports.