TATER Getting Started
This guide walks you through initial setup of TATER, from signing in for the first time to importing your first compliance scan.
Prerequisites
Ensure you have a supported web browser, PowerShell 5.1+, and the appropriate administrative access for your organization.
| Requirement | Details |
|---|---|
| Modern Web Browser | Chrome, Edge, Firefox, or Safari 11+ |
| PowerShell 5.1+ | Required for Windows endpoint compliance scanning and M365 runbooks |
| Bash (Linux agent) | Standard bash shell — required only for Linux endpoint scanning |
| Local Admin / sudo Access | For OS compliance scanning on target machines (Windows or Linux) |
| M365 Admin Rights | Security Admin or Global Admin for cloud tenant auditing |
Step 1: Sign In
Open the application
Navigate to app.tatersecurity.com in your web browser. The application uses Microsoft Entra ID for authentication.
Authenticate with Entra ID
Click Sign In and authenticate using your organization's Microsoft credentials. TATER uses MSAL.js with OAuth 2.0 popup flow.
Select your organization
If you belong to multiple organizations, select the one you want to manage from the organization switcher in the header.
Step 2: Initial Configuration
Navigate to Settings (gear icon in the sidebar) to configure your organization:
- Company Name: Your organization name (displayed in reports and headers)
- Company Logo: Upload a logo (PNG, 200x50px recommended). Separate logos for dark and light themes.
- Accent Color: Customize the dashboard accent color (default:
#3b9eff) - Tagline: Optional company tagline for reports
Settings are saved per-organization. If you manage multiple organizations, configure branding separately for each one.
Step 3: Add Your M365 Tenant
If you plan to audit Microsoft 365, add your tenant credentials in Settings > Tenant Credentials:
- Tenant Name: Friendly display name (e.g., "Contoso - Production")
- Tenant ID: Your Azure AD tenant ID (GUID format)
- Client ID: App registration client ID for Graph API access
- Authentication: Client secret or certificate-based authentication
Tenant credentials are encrypted at rest in the database. Certificate-based authentication is recommended for production environments. Never share or expose client secrets.
Step 4: Import Your First Scan
Option A: Server-Side Scan (Recommended)
If tenant credentials are configured, you can run a scan directly from the dashboard:
- Navigate to the Scans page
- Click Run Scan and select your tenant
- The API authenticates to Graph API using stored credentials and runs compliance checks server-side
- Results appear automatically when the scan completes
Option B: TATER Agent (Windows / Linux / macOS)
Deploy the TATER Agent to endpoints for recurring local compliance scanning:
- Windows: Install the MSI from Settings > Endpoint Agent. The agent runs as a Windows service and performs scheduled compliance scans with no user interaction.
- Linux: Download the tar.gz package (amd64 or arm64) and run
install.shwith your API key and org ID. The agent installs as a systemd service. - macOS: Download the binary (Apple Silicon or Intel) and install it as a launchd service.
Agent scan results are automatically uploaded to TATER and appear on the Scans page. See the Agent Deployment Guide for full installation and configuration details.
Option C: PowerShell Scan
Run a compliance scan from PowerShell and upload the results:
.\M365-ComplianceAudit.ps1 -TenantId "your-tenant-id" -OutputDir "C:\ScanResults"For Windows OS compliance scanning:
.\Scan-Windows11Enterprise.ps1 -Level 1 -OutputDir "C:\ScanResults"After the scan completes, import the JSON results file from the Scans page using the Import Scan button.
Step 5: Verify Your Import
Return to the main Dashboard page. You should now see:
- Compliance Score: Overall compliance percentage
- Control Status: Passed, Failed, Manual, Not Applicable counts
- Trend Chart: Scan history visualization showing your first data point
- Application Cards: Per-service compliance breakdown
Your first scan is imported and compliance tracking has begun. Continue to the next steps below to get the most from TATER.
Topbar Icon Buttons
The topbar runs across the top of every page and contains several quick-action icon buttons on the right side:
| Icon | Action | Shortcut |
|---|---|---|
| 🔍 Magnifying glass | Open global search overlay | Ctrl+K |
| ☑ Checklist | Go to My Tasks (badge shows open count) | — |
| ★ Star | Open Favorites dropdown (pin frequently visited pages) | — |
| ≡ Hamburger | Tools menu (Import Scan, Import Overrides, Export Bundle) | — |
| ↺ Circular arrow | Refresh current page — re-fetches data without a full browser reload | — |
| ⓘ Circle-i | Report a bug or submit a feature request | — |
| 🌙 Moon / ☀ Sun | Toggle dark / light mode | — |
Next Steps
- Review the Dashboard Guide to explore all dashboard features
- Create Overrides for any accepted risks with business justification
- Assign controls to team members in the People page for accountability
- Set up Azure Runbooks for automated scheduled scanning
- Generate your first Executive Summary Report for stakeholders
- Configure multi-framework mapping for NIST, ISO 27001, SOC 2
- MSP organizations: Navigate to MSP → Clients to register your MSP org and add client relationships with T1 (Monitor), T2 (Operate), or T3 (Manage) tiers. See the MSP Guide for full setup instructions.
Troubleshooting Initial Setup
Ensure you have imported at least one scan. Navigate to the Scans page and use the Import button to upload a scan results JSON file.
Verify your Entra ID app registration has the correct redirect URIs configured. Clear browser cache and try again. Check that your account has the required admin roles.
Ensure you are running PowerShell as Administrator. Check execution policy with Get-ExecutionPolicy and set to RemoteSigned if needed. Verify the output directory exists and has write permissions.