TATER TATER Documentation
Welcome to the TATER documentation. Find guides, references, and tutorials for managing compliance across your Microsoft 365 tenants and endpoint environments.
Popular Guides
Getting Started
Set up TATER, import your first scan, and configure your environment for compliance tracking.
Running Scans
Execute M365 cloud audits, Windows OS compliance scans, and endpoint vulnerability scanning.
Dashboard Guide
Explore all dashboard features including controls, catalogs, risk scoring, and compliance drift alerts.
Reports
Generate compliance reports in PDF and CSV for executives, auditors, and technical teams.
Compliance
Frameworks & Standards
CIS, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, HIPAA mapping and cross-framework compliance.
Predict the Unknown
Use M365 default behavior to predict whether Manual Review controls are likely passing or failing — reducing your blind spots before the next scan.
Scan Deduplication
Identical scans are automatically consolidated at upload time. Track scan frequency with scanCount metadata.
CSV & Excel Export
Export scan results, controls, and compliance data to CSV/Excel for SIEMs and data warehouses.
Security & Devices
Fleet Management
Track your entire device fleet with compliance scoring, MDE integration, and drill-down analytics.
Security Operations
Identity security, automated remediation, incident playbooks, and Azure resource scanning.
Implementation Guides
Curated step-by-step rollouts for Conditional Access, MFA, DMARC, BitLocker, PIM, and other common security initiatives. Per-org progress tracking with verification + rollback at every step.
TATER Tips
50+ short, action-oriented tips covering every TATER capability — each one deep-links to the page it describes. Login popup with per-user opt-out, MCP-accessible for AI walkthroughs.
Power BI Integration
Connect Power BI Desktop, Excel, or Fabric to TATER's flat data endpoint (controls, scans, risks, overrides, vendors, audits, training, BCP/DR, policies, changes). Scheduled refresh-friendly.
Power Automate Integration
Custom connector for Power Automate flows — query compliance data, create risk acceptances, trigger scans, and react to scan.completed webhook events.
MCP Feedback
How TATER MCP casually solicits feedback during a session, auto-files ADO Issues on negative sentiment, and exposes a SuperAdmin review page tracking every submission.
TATERpedia
Wikipedia-style platform-shared wiki for generic process knowledge — troubleshooting playbooks, diagnostic decision trees, remediation methodology. Searchable, contributable by any Auditor+.
Evidence Agent
Autonomously collect compliance evidence by navigating Microsoft admin portals and running PowerShell controls — driven by AI, running on your local TATER agent.
Agent Deployment
Install the TATER agent on endpoints via MSI. Deploy silently with Intune, SCCM, or Group Policy.
Agent Network Requirements
FQDN bypass list and per-vendor SSE/SASE config (Microsoft GSA, Zscaler, Netskope, Umbrella, Prisma Access). Required for accurate speed tests and Evidence Agent connectivity.
GRC Modules
Risk Register & Heat Map
Central risk register with 5x5 heat map, quantitative ALE scoring, treatment plans, and risk-to-control linkage.
Exception & Waiver Management
Structured exception requests with multi-level approval chains, automatic expiry, and compensating controls.
Audit Management
Plan audits, track findings, collect evidence from control owners, and maintain an audit calendar.
Business Continuity & DR
BCP/DR plans with BIA, RTO/RPO tracking, and test exercise management for audit compliance.
Data Classification & Privacy
Data asset inventory, flow mapping, privacy impact assessments, and retention policy management.
Security Awareness Training
Training campaigns, completion tracking, phishing simulation results, and audit-ready evidence reports.
Control Testing Automation
Scheduled test plans, reusable procedures, historical results with trend analysis, and gap detection.
Vendor Risk Management
Vendor inventory, risk tiering, assessment tracking, and continuous monitoring.
Access Reviews
Periodic access review campaigns with approve/revoke decisions and audit trail.
GRC Calendar
Unified timeline of all GRC obligations: access reviews, control tests, exceptions, BCP/DR tests, training deadlines, and vendor assessments.
Regulatory Change Management
Track framework updates and regulatory changes, assess their impact on your controls, and manage the transition to compliance with new requirements.
Change Control
Structured approval workflow for High and Critical impact control changes. Low/Medium auto-approved; scan-detected changes auto-generate requests.
Custom Control Frameworks
Build custom frameworks with drag-and-drop domains, import/export via JSON for MSP distribution, and cross-map to standard frameworks.
Collaboration
Task Tracking
Unified task view across all modules with assignments, due dates, and Kanban board.
Questionnaires
Build and distribute compliance questionnaires with AI-assisted response generation.
Feedback Board
UserVoice-style feedback system with voting, comments, and admin status tracking.
Policy Library
11 policy templates with variable engine, Markdown preview, and PDF export with branding.
Compliance Roadmap
Multi-phase remediation planning with Phase 0 Discovery, cascading phase durations, MSP billing columns, and generate-from-scan automation.
Community & Gamification
Leaderboards, achievement badges, compliance streaks, and community challenges that drive team engagement and reward security improvements.
Platform Customization
Features & Groups
Configure which features are enabled per organization, create custom user groups, and assign fine-grained feature access through the permission grid.
Widget Dashboard
Drag-and-drop widget layout with 16 widget types covering compliance score, risk summary, failing controls, SLA status, and more. Set as your start page.
Favorites & Navigation
Star any page for quick access via the topbar favorites menu. Entra Admin Center-style navigation with 8 semantic groups and sidebar search.
Integrations
AI Compliance Analyst
TATER's built-in conversational AI. Ask questions about your scan data, create risk acceptances, assign controls, document evidence, and trigger remediations — all from a chat interface.
Claude MCP Integration
Connect Claude Desktop or claude.ai directly to your TATER compliance data via the Model Context Protocol.
Microsoft 365 Copilot Integration
Install TATER as an M365 Copilot declarative agent — combine your tenant's Graph context with TATER's compliance posture, risk register, and living documentation.
Government Cloud Compatibility
How TATER supports commercial, GCC, GCC High, and DoD tenants — per-control GCCH/DoD remediation guidance, sovereign-cloud scanning configuration, and the path to a private TATER Gov deployment.
Ticketing Integration
Create Jira or ServiceNow tickets directly from failing controls — individually or in bulk — so security findings flow into your team's existing workflow.
Audit & Activity
Activity Log & Audit Trail
Every create, update, and delete action in TATER is recorded with before/after deltas. Forward to SIEM via syslog (CEF) or webhook for long-term retention.
Auditor Portal
Read-only packaged evidence view for external auditors with time-limited access tokens and point-in-time audit snapshots for regulatory evidence.
People & Organizations
People, Users & Organizations
Manage compliance contacts, user roles (SuperAdmin through Viewer), multi-org structure, and the MSP Portal for client organization management.
MSP Guide
Manage multiple client organizations from a single pane of glass. Covers Client Dashboard, Clients, Licensing, and Organizations for managed service providers.
Subscription Management
SuperAdmin guide to provisioning client organizations, setting billing details, seat licensing, suspension, and MRR tracking across the entire fleet.
MSP Billing
How MSP partners track seat usage, set client seat limits, understand access tiers, and manage their client portfolio in the TATER Licensing page.
Azure Setup
Azure Registered Apps
Configure Entra ID app registrations for Graph API-based compliance scanning.
Azure Runbooks
Deploy Azure Automation runbooks for scheduled cloud and endpoint compliance scans.
Settings Reference
Branding, tenant credentials, API keys, SIEM integration, compliance zones, and more.
Feature Reference
Comprehensive in-depth tour of every TATER capability — frameworks covered, control catalog, scan engines, GRC modules, MCP, and more.
FAQ
Quick answers to the questions we hear most — sign-in, scans, agent install, MCP, billing, MSP setup, troubleshooting common issues.
Developer Troubleshooting
Debugging guide for self-hosters and contributors — Cosmos DB queries, Function App logs, agent diagnostics, common deploy pitfalls, and known workarounds.
Sales & Positioning
Market Comparison
Head-to-head positioning against 31+ direct competitors (Drata, Vanta, Hyperproof, ScubaGear, OpenRMF, and more) — for greenfield evaluations.
Complementary Stack
How TATER fits alongside Tenable, CrowdStrike, Splunk, Okta, ServiceNow, and the other 16 categories of tools your customer already owns.
Product Brief
Canonical capability list — every feature, every integration, every framework. The single source of truth for sales conversations.
Platform Features
System Requirements
| Requirement | Details |
|---|---|
| Web Browser | Chrome, Edge, Firefox, or Safari 11+ with JavaScript enabled |
| PowerShell | 5.1 or newer for scan script execution |
| M365 Admin | Security Admin, Compliance Admin, or Global Admin role for cloud audits |
| Local Admin | Administrator privileges on target machines for OS scans |
| Network | HTTPS access to Microsoft Graph API (port 443) for cloud scans |
Quick Start
Sign in to TATER
Navigate to app.tatersecurity.com and authenticate with your Microsoft Entra ID credentials.
Configure your organization
Go to Settings to configure company name, logo, accent colors, and tenant credentials.
Run your first scan
Execute a cloud or OS scan using the provided PowerShell scripts, or trigger a server-side scan from the dashboard.
Review compliance posture
View the dashboard for compliance scores, control status, and risk metrics across all frameworks.
Take action
Create overrides for accepted risks, assign controls to team members, trigger automated remediation, and generate reports.