The TATER suite is bigger than any single product. This page is the canonical reference for which app owns which feature, which modules are shared across the suite, and how data flows between them. Use it to answer “which app do I open for X?” and to understand why the platform feels coherent even as it grows.
Every major capability in the suite, mapped to the app that owns its primary UI. Shared modules are surfaced in multiple apps but live in one data store with one audit trail.
| Capability | Primary owner | Notes |
|---|---|---|
| **Compliance & Security** | | |
| Compliance scans (M365 & endpoint): CIS, CISA SCuBA, DISA STIG, NIST 800-53 evaluation | Security | 5,000+ controls, agent + runbook scanners |
| Controls catalog & framework manager: Unified V2 engine with threshold logic | Security | Default + per-org overlay |
| Risk register, exceptions, audits, BCP/DR: 14 GRC modules with full workflow | Security | Linked to controls bidirectionally |
| POAM, RMF tracker, SSP generator: Federal/DoD ATO pipeline | Security | OMB A-130 + eMASS export, OSCAL JSON |
| Endpoint security & vulnerability data: MDE, CISA KEV, Intune compliance | Security | Per-device CVE mapping |
| Identity Security / ITDR: Risky users, sign-in anomalies, conditional access posture | Security | Graph API + risk policy engine |
| Remediation runbooks: 67 M365 + 1,379 endpoint hardening scripts | Security | PS7 + PS5.1 dual-runtime |
| AI Compliance Analyst & Evidence Agent: Agentic Claude with 111+ tools | Security | BYOK or platform-managed |
| **Service Management & Workflow** | | |
| Tasks & help-desk ticketing: Categories, priorities, custom statuses, SLA tracking | Ops | Replaces PowerApps Tasker |
| Workflow automation: Template-driven multi-step task spawning | Ops | Role placeholders, dependency unlocking |
| Meeting records & transcripts: Bot + manual + Outlook calendar capture | Ops | Sensitivity-gated, MCP-first extraction |
| Business documentation library: SOPs, processes, role descriptions | Ops | AI-drafted with provenance trails |
| Public intake portal (request.html): Token-gated email-to-ticket | Ops | Power Automate friendly |
| Ops scripts & scheduled runbooks: Device + cloud script library with cron + drift detection | Ops | Auto-creates tasks on drift |
| Knowledge browse (Policies, Docs, Wiki): Read-only views; edits deep-link to Security | Ops | Shared substrate |
| **Tenant Admin & Telemetry** | | |
| Organizations, users, subscriptions: Multi-tenant fleet management | Manage | SuperAdmin only |
| MSP licensing & tier system: T1 Monitor / T2 Operate / T3 Manage | Manage | MspRelationships table |
| Activity log & usage analytics: Cross-channel audit (web / MCP / Copilot / agent / cron) | Manage | `via` field attribution |
| Integrations marketplace: ADO, Jira, ServiceNow, SIEM, webhook | Manage | Per-org encrypted config |
| Endpoint fleet (devices, agents, vulns): Go agent v2.1.x deployment + version control | Manage | Cross-platform binaries |
| Remote command channel & screens: Per-device PS/bash execution, multi-screen viewer | Manage | WebRTC + REST queue |
| Meeting bot configuration: Per-tenant consent & purpose routing | Manage | SA-only UI |
| MCP feedback & tool policies: Agent telemetry & per-org tool gating | Manage | SuperAdmin governance |
| **Personal Dashboard** | | |
| My dashboard & favorites: Per-user starred entities & activity summary | My TATER | Same favorites across all apps |
| My tasks & mentions feed: Assigned tasks + @mentions across the platform | My TATER | Topbar unread badge |
| Community feed & leaderboard: Org-wide activity stream + gamified rankings | My TATER | XP from real compliance work |
| Achievements (40+ badges): Leveled milestones for sustained effort | My TATER | 14 governance-creator badges |
| **Shared modules (one data substrate, multiple surfaces)** | | |
| Policies library: 11 templates, draft → approve → sign workflow | Shared | Edit in Security, browse in Ops |
| TATERpedia (platform wiki): Generic playbooks & methodology pages | Shared | Required summary field |
| Configuration Documentation: Per-org living docs (network, infra, dependencies) | Shared | AI-maintained via MCP |
| Vendor / TPRM: Risk scoring, questionnaires, contracts | Shared | Auto-creates audit findings on low score |
| Calendar (iCal + in-app): 18 event sources unified | Shared | Token-gated public feed |
| Change Control & Trust Center: Internal approvals + external posture | Shared | Live trust-center data |
| MCP server (111+ tools): Same surface for Claude, Copilot, ChatGPT | Shared | HTTP + stdio parity enforced |
The four surfaces are not separate products bolted together — they are one platform. They share identity, database, audit trail, and design tokens. Three rules govern the architecture.
Sign in once at login.html. The MSAL session in localStorage is honored by every app domain (security, ops, manage, my). Role hierarchy — SuperAdmin, ServiceProvider, OrgAdmin, Auditor, Viewer — is enforced uniformly by the API regardless of which app issued the call.
All four surfaces read and write to the same Cosmos DB (cosmos-tater-sec) partitioned by tenantId. A risk created via MCP from Copilot, an exception approved via TATER Security, and a task spawned in TATER Ops all flow through the same containers with the same partition strategy and the same audit log.
Every mutating call writes to the AuditLog with a `via` field: `web`, `mcp`, `copilot`, `claude`, `agent`, `api`, `cron`, or `ado-webhook`. Manage → Activity Log filters by channel so SuperAdmins can see exactly which actions came from autonomous agents vs. human operators.
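A sketch of how a reviewer might triage exported audit records by channel, added here as an example and not taken from TATER's own code. Only `tenantId`, `via` and the eight channel values come from this page; the other field names, the sample records and the choice of `web` as the only human channel are assumptions.

```python
from collections import Counter, defaultdict

# Channel values listed on this page for the AuditLog `via` field.
KNOWN_VIA = {"web", "mcp", "copilot", "claude", "agent", "api", "cron", "ado-webhook"}
# Assumption: treating only `web` as human-driven is a local triage choice,
# not something the page defines.
HUMAN_VIA = {"web"}

# Constructed sample records; `actor` and `action` are hypothetical field names.
SAMPLE_LOG = [
    {"tenantId": "t-001", "via": "web", "actor": "alice", "action": "exception.approve"},
    {"tenantId": "t-001", "via": "copilot", "actor": "alice", "action": "risk.create"},
    {"tenantId": "t-001", "via": "cron", "actor": "system", "action": "task.create"},
    {"tenantId": "t-002", "via": "agent", "actor": "dev-17", "action": "scan.upload"},
    {"tenantId": "t-002", "via": "MCP ", "actor": "bob", "action": "policy.update"},
    {"tenantId": "t-002", "actor": "bob", "action": "policy.sign"},
]

def triage(records):
    """Split audit records per tenant into human, automated and unattributed."""
    summary = defaultdict(
        lambda: {"human": Counter(), "automated": Counter(), "unattributed": []})
    for rec in records:
        tenant = rec.get("tenantId")
        if not tenant:
            raise ValueError("audit record without tenantId cannot be scoped")
        via = rec.get("via")
        bucket = summary[tenant]
        # Exact match only: a missing or non-canonical value is surfaced for
        # review, never normalised into a known channel.
        if via not in KNOWN_VIA:
            bucket["unattributed"].append(rec)
        elif via in HUMAN_VIA:
            bucket["human"][via] += 1
        else:
            bucket["automated"][via] += 1
    return dict(summary)

def automated_share(bucket):
    """Fraction of attributed actions that did not come from a human channel."""
    human = sum(bucket["human"].values())
    auto = sum(bucket["automated"].values())
    return auto / (human + auto) if human + auto else 0.0

if __name__ == "__main__":
    for tenant, bucket in triage(SAMPLE_LOG).items():
        print(tenant, dict(bucket["automated"]), f"{automated_share(bucket):.2f}",
              len(bucket["unattributed"]), "unattributed")
```

Records with a missing or off-spec `via` are the ones to look at first, since channel filtering cannot account for them.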
A single monolithic app would have collapsed under the surface area. Four split-by-audience apps on one substrate give us focused UX per persona without the data fragmentation that kills cross-product workflows.
Compliance officers don't need to see device remote-command UI. Help-desk staff don't need the POAM module. SuperAdmins shouldn't have to dig past employee leaderboards to manage subscriptions. Per-app surfaces respect attention; the shared substrate respects continuity.
The Three-Doc Rule (Ops task + ConfigDoc + TATERpedia page) means every troubleshooting session leaves behind a durable lifecycle record AND specific org state AND a generic methodology page. MCP agents enforce this automatically. Knowledge doesn't evaporate.
TATER runs no server-side LLM. All AI extraction (meeting transcripts, evidence collection, policy drafting) happens in the user's own Claude / Copilot / ChatGPT session via MCP. TATER's cost is storage + tool routing. The platform scales with usage without per-tenant LLM token bills.