Combined compliance overview across all your organizations. Click an organization card to switch to it.
My Dashboard
Your assigned controls, overrides, comments, and recent activity.
My Dashboard
Customize your view by adding, removing, or reordering widgets. Drag to rearrange.
Add Widget
Compliance
Detailed view
No data loaded
Seed the control catalog to view all compliance controls, or import a scan result to see compliance status.
Compliance Posture: Trends, applications, risk
Compliance Trend
Compliance Status Breakdown
Pass
Fail
Manual
Override
Skip
Priority Distribution (Failing/Pending)
Critical
High
Medium
Low
By Application
Risk Analysis
Security Operations: Vulns, SLA, MITRE, drift
Vulnerability Remediation
Remediation SLA
MITRE ATT&CK Coverage
Compliance Drift Alerts
Drift History
GRC & Tasks: Risks, exceptions, audits, tasks
Quick Actions
Risk Register
GRC Status
No controls loaded
Import a scan JSON or run a cloud scan to view controls.
Group by
Status
Control
Zone
Framework
L
Title
Risk
Summary
Actions
Controls
No Controls Loaded
Controls will appear once default data is seeded or loaded from the API.
Scan Results
Control Catalog
Control #
Title
Zone
Framework
L
Method
Actions
Catalog is empty
Add controls manually or import a scan - controls found in scans are auto-seeded into the catalog.
Frameworks & Compliance Zones
Frameworks
Editing:
Compliance Zones
Compliance Zones define which applications and platforms are in scope for your organization. Zones selected under Applicable Compliance Zones (Compliance Config > Settings) determine what appears in reports and compliance calculations. Mark a zone as Primary to feature it prominently on the dashboard and in report details.
Name
Category
Type
Controls
Compliance
Pass
Fail
Manual
Actions
No Compliance Zones
Add compliance zone definitions to enrich control data.
Authorities
Authorities are the organizations that publish security frameworks and benchmarks (e.g. CIS, CISA, DISA, NIST). Each framework references an authority.
Name
Abbreviation
Description
Frameworks
Website
Actions
No Authorities
Add the organizations that publish the frameworks and standards you track.
Authority
Frameworks
Name
Authority
Type
Controls
Actions
No Frameworks
Add framework definitions to organize your controls.
Compliance Standards
Name
Authority
Version
Category
Coverage
Actions
No Standards Defined
Add compliance standards like NIST, SOC 2, HIPAA to map your controls.
No overrides
Import a ManualOverrides.json or add overrides directly from the Controls view.
Config files are analyzed against CIS network device benchmarks and stored in the Config Collection and Network Documentation pages.
Scan History
Run Cloud Scan
Scheduled Scanning
Add Person
Name
Email
Groups
Organizations
Actions
No people added
Add Microsoft accounts and link them to organizations for multi-tenant management.
Agent-Managed Devices
MDE / Intune Devices
No devices found
Devices are discovered from scan data or can be added manually.
Manage client organizations and user access.
Details
Members
Tenants
Add Tenant
Organization Branding
Customize logos and accent color for this organization. Members will see these when they select this org.
Dark Mode Logo
Light Mode Logo
Automated Remediation
Configure automated remediation for this organization. Requires a separate Azure AD app registration with write permissions and an Azure Automation webhook.
Remediation uses WRITE permissions. Ensure the app registration follows the principle of least privilege. Only Admins can trigger remediations.
Predict the Unknown
When enabled, Manual Review controls with a defined "Default Compliance" value will be shown as Predicted Pass (teal) or Predicted Fail (pink) throughout dashboards, reports, and control views. This helps reduce the unknown surface area while clearly distinguishing predictions from confirmed scan results.
To mark individual controls as default-pass or default-fail, edit them in the Catalog page and set the "Default Compliance" field. Controls without a Default Compliance value will always remain as Manual Review.
Application Auto-Discovery
Automatically discover and register compliance zones from endpoint scan software inventory. When enabled, new applications are synced after each endpoint scan load.
When enabled, software with vulnerabilities, 5+ device installs, or EOL status will be automatically registered as compliance zones. When disabled, all auto-discovered software zones are removed (agent-discovered devices are not affected). The manual "Sync to Zones" button on Endpoint Security still works regardless of this setting.
Licensing
Set the plan type and user/admin seat limits for this organization. Limits are informational - enforcement must be handled at the API or provisioning layer.
White-Label Portal
When enabled, TATER branding is completely replaced by this organization's branding - including the sidebar logo, topbar, favicon, and browser tab title. Use this to deliver a fully branded compliance portal to your clients.
Requires the organization to have a logo uploaded above. When enabled, members of this org will see the org logo instead of TATER branding throughout the application.
MSP Portal
Mark this organization as a Managed Service Provider. MSP org admins gain access to compliance roadmap billing features, white-labeling controls, and can manage licensing for their client organizations.
When enabled, OrgAdmins of this organization can see billing and fee columns in compliance roadmaps, access white-label branding controls, and manage licensing settings for client organizations.
Scan Infrastructure
Per-organization Azure Automation settings. When set, these override the global environment variables and allow this org to use its own Automation Account for compliance scans.
Azure Automation webhook URL for the Scan-M365Cloud runbook in this org's Automation Account
Storage account containing remediation scripts (defaults to global STORAGE_ACCOUNT_NAME)
Key Vault certificate name used by the runbook (defaults to global CERTIFICATE_NAME)
Subscription
Billing and subscription details for this organization. Internal notes are never visible to the client.
Notification Emails
Comma-separated email addresses to receive scan completion notifications for this organization. Leave blank to disable email notifications.
These addresses receive scan completion emails. TATER Notifications (Notifications@TATERSecurity.com) is the sender.
Danger Zone
Delete this organization
This will archive the organization. This action cannot be easily undone.
All registered users across organizations.
Name
Email
Organizations
Last Active
Actions
0 user(s) selected
No registered users
Users appear here after signing in to TATER.
Timestamp
Initiated By
Action
Category
Affected Entity
Details
No activity recorded
Activity will appear here as users make changes.
Profile
Tenant ID:
Roles:
Organizations:
LinkedIn:
Preferences
Theme
Switch between dark and light mode
Notification Preferences
Assigned Reviews
Activity History
Activity history tracking is coming in a future release.
Trust Center
Showcase your organization's compliance posture, certifications, and security practices. Publish to create a shareable public link.
Organization Profile
Certifications & Standards
Select which compliance standards to showcase publicly.
Security Practices
Compliance Summary
Choose which frameworks to include in the public compliance summary.
Preview
Published Trust Center
Policy Template Library
Manage and share organizational security policies. Publish to create a shareable public policy portal.
Published Policy Library
Policy
Category
Status
Version
Owner
Last Reviewed
Actions
No policies found
Add your organization's security policies to share them internally or publish publicly.
Security Questionnaires
Manage client and vendor security questionnaires. Use AI Assist to generate draft responses from your compliance data.
Total
0
In Progress
0
Completed
0
Avg Completion
0%
Questionnaire
Client / Vendor
Status
Due Date
Progress
Actions
No questionnaires found
Create a new questionnaire or import from CSV to get started.
Device inventory, vulnerabilities, and CISA KEV alerts from Defender for Endpoint
CISA Known Exploited Vulnerabilities Detected: 0
These CVEs are actively exploited in the wild and require immediate attention per CISA BOD 22-01.
Total Devices
-
Vulnerabilities
-
Critical
-
High
-
CISA KEV
-
Software
-
EPSS > 10%
-
No endpoint scan data
Run an endpoint vulnerability scan from Azure Automation to populate this dashboard.
TATER Tuning
Per group × app hardening dial. Higher levels = more locked-down. Agents enforce on heartbeat (~30 min).
Tune
Group × App
Non-human identity monitoring: app registrations, service principals, and managed identities
App Registrations
--
Service Principals
--
Managed Identities
--
Expired Credentials
--
Expiring (30d)
--
No Owner
--
High-Privilege
--
Non-Human Identity Risks Detected: 0
No identity data
Run an M365 cloud scan to collect non-human identity inventory.
Periodically certify user access across your organization. Create campaigns to review and approve or deny user access.
Total Campaigns
0
Active
0
Completed
0
Expired / Overdue
0
Over-Permissioned
--
Stale Accounts
--
Pending Reviews
0
Completion %
--
Identity Risk Insights (from People directory)
Campaign
Scope
Status
Due Date
Progress
Actions
No access review campaigns
Create a campaign to periodically certify user access in your organization.
Name
Email
Role
Last Login
Flags
Decision
Justification
Actions
No users in scope
Activate the campaign to populate the user list based on scope.
Track and assess third-party vendors, their risk profiles, compliance certifications, and assessment status.
Total Vendors
0
Critical Tier
0
Pending Reviews
0
Expiring Certs
0
Assessments Overdue
0
Questionnaire Done
0
View:
No vendors tracked
Add third-party vendors to track their risk profiles and compliance status.
Vendor RFPs
Weighted-criteria evaluations across candidate vendors. Score, compare, and award.
Contract Renewals
Vendor contracts expiring within the window. Overdue renewals surface in red. Click a contract to renew or edit.
Vendor Security Ratings
Third-party security ratings across BitSight / SecurityScorecard / UpGuard / RiskRecon / Panorays / Whistic / manual. Sorted lowest-first so the riskiest vendors appear at the top.
Active Projects / Engagements
Active workstreams (migrations, cutovers, IdP changes, network changes, Intune deployments). Agents check this list FIRST when triaging end-user symptoms - active projects are the most likely cause of unfamiliar issues. Document common symptoms and known issues here so future sessions surface them.
Name
Status
Dates
Tags
Linked
No projects yet
Capture an active migration, cutover, or change initiative so future agent sessions know to consider it as a likely cause for end-user symptoms.
Identify, assess, and track organizational risks with linked controls and vendors.
Total Risks
0
Critical (20-25)
0
High (15-19)
0
Medium (8-14)
0
Low (1-7)
0
View:
No risks tracked
Add risks to build your organizational risk register.
Manage control exceptions and waivers with formal approval workflows and automatic expiration.
Total Exceptions
0
Pending Review
0
Approved
0
Expired
0
View:
No exceptions
Request control exceptions when compensating controls or business justifications apply.
Track framework updates, version changes, and their impact on your compliance posture.
Total Changes
0
Under Review
0
Implemented
0
Affected Controls
0
Framework
Version Change
Date
Status
Affected
Actions
No regulatory changes tracked
Track framework version updates and their impact on your compliance controls.
Approval workflow for High and Critical impact control changes. Low/Medium changes are auto-approved.
Total
0
Pending Approval
0
Approved
0
Rejected
0
Auto-Approved
0
Control
Description
Impact
Type
Status
Requested By
Date
Actions
No change requests
Log a planned or completed change to a High or Critical impact control to start the approval workflow.
Log Change
High and Critical changes require OrgAdmin approval before being accepted.
Review Change Request
Plan, execute, and track internal and external audits with findings and corrective action plans.
Total Audits
0
In Progress
0
Complete
0
Open Findings
0
View:
No audits tracked
Create audits to track internal and external compliance assessments.
Auto Remediation
Controls with available remediation scripts. Trigger automated fixes directly from here.
No remediation scripts available
Remediation catalog is empty or still loading.
Remediation History
Endpoint Hardening Plan
Select controls to auto-build your remediation plan. Each selection generates the script or Intune configuration inline.
Remediation Plan
No controls selected
Check controls on the left to generate your remediation plan
Fail: Non-compliant in last scan
Intune: Detect+Remediate pair available
Script: Standalone PS remediation
Manual: GPO or manual steps
Incident Response Playbooks
Step-by-step response procedures for M365 security incidents.
Ticketing Integration
Connect to Jira, ServiceNow, or a generic webhook to create tickets from failing compliance controls.
Global Settings
Branding is managed by your administrator. Contact them to request changes.
TATER
Customize your organization's profile and branding. These settings apply to all members of your organization.
Organization Profile
Branding
Dark Mode Logo
Light Mode Logo
Global application settings that apply to all organizations. Only Super Admins can modify these values.
Dark Mode Logo
Light Mode Logo
Data Retention
Configure how long compliance data is kept before automatic expiry. Applies to audit logs and scan results for this organization.
Retention Policy
Min 30 · Max 365 · Default 90
Min 30 · Max 365 · Default 90
Scan Summarization Tiers
TATER automatically summarizes scan data over time to balance detail with storage efficiency.
Full Detail
0 – 7 days
Every scan stored in full - all control results, evidence, and raw data
Weekly Averages
8 – 35 days
Scans within each week condensed to average pass/fail rates per control
Monthly Rollup
36 – 365 days
One monthly summary per calendar month - trend data and top findings only
Yearly Archive
365+ days
Annual compliance snapshots only - audit-ready summary records
Connect a New Tenant
Grant TATER the permissions it needs to scan your Microsoft 365 environment. A Global Administrator must complete this step.
Used to generate scan commands and cross-reference audit results.
Add Tenant
+ Directory Search Credentials (optional)
App registration with User.Read.All (Application) permission. You can also add these later via Edit.
Pick the tier matching this tenant's Microsoft cloud. Wrong choice → Graph 401 / DNS resolution errors during scans.
API Keys
Generate API keys for the TATER Compliance Agent. Keys are shown once at creation - copy immediately. Revoked keys stop working immediately.
Copy this key now - it will not be shown again!
Client Configuration
Use these values to configure the TATER Compliance Agent on endpoint machines. You can also download a pre-configured config.json file.
Applicable Compliance Zones
Select which applications are relevant to your organization. Only selected zones appear in reports and compliance calculations. The zone marked as Primary (set on the Compliance Zones page) is used for report details and featured on the dashboard. Leave all unchecked to include everything.
Automated Remediation
Configure automated remediation for your organization. When enabled, the Remediate button on controls will trigger Azure Automation runbooks to apply fixes automatically.
Remediation uses WRITE permissions. Ensure the app registration follows the principle of least privilege.
Remediation SLA Targets
Define maximum remediation time targets per severity level. Controls exceeding these targets are flagged as SLA breaches on dashboards and the remediation page.
hours (2 days)
hours (7 days)
hours (30 days)
hours (90 days)
Remediation & Detection Reassessment
Regularly reassess your automated remediation coverage and detection capabilities as user submissions, AI agent findings, and scan results accumulate. This cadence ensures your automation stays current with the evolving control landscape.
📋 Recommended Reassessment Checklist
Review all controls with Manual Review status - determine if automation is now possible based on recent submissions
Check AI agent evidence comments for patterns indicating new remediation opportunities
Evaluate new compliance controls added in the last quarter - add remediation scripts where feasible
Test existing remediation scripts against the latest OS/service versions in your environment
Review detection rules in Defender and SIEM - update to capture new attack techniques from ITDR findings
Cross-reference CISA KEV with your installed software inventory - ensure automated patching covers newly added KEV entries
⚠ Reassessment is due or overdue. Schedule a review with your security team.
SIEM Integration
Forward audit events to external Security Information and Event Management (SIEM) systems via syslog or webhook.
Syslog / CEF
Sends events in CEF (Common Event Format) via RFC 5424 syslog (UDP or TCP). Compatible with: Microsoft Sentinel, IBM QRadar, ArcSight (Micro Focus / OpenText), LogRhythm SIEM, Fortinet FortiSIEM, Elastic Security SIEM, Rapid7 InsightIDR, Blumira, AT&T AlienVault USM Anywhere, Trellix (McAfee) ESM, SolarWinds Security Event Manager (SEM), ManageEngine Log360, Graylog, Sumo Logic, Datadog, Palo Alto Cortex XSIAM, Exabeam, and Securonix.
Webhook
Control Script Template
This template is used when generating stub scripts from the Catalog. Edit it to match your conventions, then save. The stub generator will fill in your control metadata automatically.
Recycle Bin
Deleted items are kept here until permanently removed. Restore to bring them back.
Recycle bin is empty.
Sample Data
Create demo organizations with sample data for testing and evaluation.
Large enterprise - 12 members, 3 frameworks, ~200 controls, full compliance program
Compliance Score Widget
Embed a read-only compliance score badge on internal dashboards or portals.
Content Provenance Audit
Audit catalog control text for CIS-derived language. Heuristic checks identify which controls need rewriting in TATER's voice for commercial licensing independence (ADO #401). Set CIS_REFERENCE_CORPUS_PATH on the Function App to enable verbatim n-gram matching against a local CIS corpus.
Highest-risk controls (top 50)
Control ID
Risk Score
Worst Class
Flag Count
Click "Run Audit" to scan the catalog.
TATER Setup
A guided checklist for getting TATER configured for your tenant. Items adapt to your Microsoft cloud tier, MSP status, and integrations. Progress saves automatically; finishing the list earns the Fully Onboarded achievement.
Setup Progress
0% (0 / 0)
Microsoft Cloud Tier
Pick the tier that matches the tenant you're scanning. The checklist below adapts based on this answer (e.g., GCC High and DoD show different identity / Defender steps).
Intelligence
Predict the Unknown
When enabled, Manual Review controls with a configured Default Compliance value are shown as Predicted Pass or Predicted Fail in dashboards, bars, and reports - reducing the unknown surface area while clearly distinguishing predictions from confirmed scan results. Set the Default Compliance value for each control on the Catalog page.
AI Compliance Analyst
Provide your own Anthropic API key to use your account for AI Analyst conversations. If left blank, the platform key is used (if configured by your administrator). Your key is encrypted at rest and never shared.
Feature Control
Beta Features
SuperAdmins can flag features as beta - they are hidden from all organizations until opted in. Organizations opt in on this page.
Organization Features
Enable or disable features for your entire organization. Disabled features are hidden from all users (except SuperAdmin). Core features cannot be disabled.
Access Control
Groups
Create groups, assign members, and control which features each group can access.
No custom groups
Create groups to control feature access for different teams.
Feature Permissions
Control which features each group can access. Core features (Dashboard, Controls) cannot be disabled.
Create a group first to configure feature permissions.
How to Run Scans
# Select a tenant above to generate commands
Prerequisites
# 1. Install required modules for all cloud products (run once)
.\Install-Prerequisites.ps1 -Products AllCloud
# 2. Or install modules for specific products only
# The scan prints the JSON path and opens this viewer automatically
# In the viewer: click ⊕ Import Scan and select the JSON file
# Default output location:
.\Reports\M365_Audit_YYYYMMDD_HHmmss.json
Azure resource security posture from Defender for Cloud assessments
Total Resources
--
Healthy
--
Unhealthy
--
Critical Findings
--
High Findings
--
Categories
--
No Azure resource data
Run an Azure security scan or import Defender for Cloud assessment data to see resource posture.
AWS resource security posture via Security Hub and GuardDuty findings
Accounts
--
Compliant
--
Findings
--
Critical
--
High
--
Findings
No AWS scan data
Configure AWS accounts and run the Scan-AWSCloud runbook to populate this dashboard.
GCP resource security posture via Security Command Center findings
Projects
--
Compliant
--
Non-Compliant
--
Critical Findings
--
High Findings
--
GCP Scanning - Coming Soon
GCP scanning will use a Workload Identity Federation service account to pull findings from Security Command Center, mapped to CIS GCP Foundations Benchmark controls.
Integration Marketplace
Connect TATER to your existing tools and automate notifications
Total
--
Connected
--
Available
--
Notification Rules
When events occur, automatically send notifications to connected integrations.
Client Dashboard
Monitor compliance posture, alerts, and health across all client organizations
Configuration Documentation
Versioned reference docs for configurations, architecture decisions, and operational procedures - linked to controls, frameworks, and change records.
No documentation found
Create your first document to start building your configuration knowledge base
Version History
Linked Items
New Configuration Document
Link to Other Items (optional)
Business Continuity and Disaster Recovery plan library. Track plans, tests, recovery objectives, and system criticality.
Total Plans
0
Active
0
Draft
0
Tests Overdue
0
Plan Name
Type
Owner
Status
Last Tested
Next Test Due
Systems
Actions
No BCP/DR plans
Create a business continuity or disaster recovery plan to track your organization's resilience posture.
Plan of Action & Milestones - track and remediate DoD/NIST findings to closure.
Total POAMs
0
Open
0
In Progress
0
Completed
0
Overdue
0
View:
No POAMs
Track DoD/NIST findings through remediation with a Plan of Action & Milestones.
Details
Weakness Description
Remediation Plan
Milestones
Description
Target Date
Status
NIST Risk Management Framework - track each system through the 6-step ATO lifecycle (Categorize → Select → Implement → Assess → Authorize → Monitor).
Total Systems
0
Authorized
0
In Progress
0
Expired / Withdrawn
0
View:
No RMF systems
Track an information system through the NIST RMF 6-step ATO workflow.
New RMF System
FIPS 199 Categorization (overall impact = highest of the three)
System Security Plan documents - author per-control implementation statements, AI-assist drafts, export to OSCAL JSON or Word .docx for federal authorization packages.
View:
No SSP documents
Create a System Security Plan to document control implementation for ATO authorization.
New SSP Document
New POAM
Data inventory, processing activities (GDPR Article 30), and privacy impact assessments.
Data Types
0
Processing Activities
0
PIAs
0
Restricted Data
0
No data classification records
Start by adding data inventory items, processing activities, or privacy impact assessments.
Track security awareness training campaigns, phishing simulations, and per-user completion.
Total Campaigns
0
Active
0
Avg Completion
0%
Phishing Click Rate
0%
Campaign
Type
Status
Start Date
End Date
Completion
Participants
Actions
No training campaigns
Create a security awareness training campaign or phishing simulation to track employee readiness.
Schedule and track periodic control testing. Record test execution results and evidence collection.
Scheduled Tests
0
Effective
0
Ineffective
0
Overdue
0
Control
Title
Frequency
Last Tested
Next Due
Result
Tester
Actions
No control tests scheduled
Schedule periodic tests for your compliance controls to verify their effectiveness.
Track tasks, incidents, findings, and action items arising from compliance work.
Open
0
In Progress
0
Overdue
0
Resolved This Week
0
ID
Title
Type
Priority
Status
Assignee
Due Date
Actions
No tasks tracked
Create tasks to track compliance work items, incidents, and action items.
TATER Calendar
Unified timeline - GRC due dates, compliance roadmap phases, scan schedules, access reviews, control tests, and more.
📡 Live Calendar Subscription (webcal)
Subscribe to this URL in Outlook, Apple Calendar, or Google Calendar for automatic live updates every hour. Unlike a one-time .ics download, this link always reflects your current TATER data.
In Outlook: File → Account Settings → Internet Calendars → New. In Apple Calendar: File → New Calendar Subscription. Events refresh approximately every hour.
Share ideas, vote on feature requests, and see what is planned.
Total Ideas
0
Under Review
0
Planned
0
Completed
0
Compliance Roadmaps
Phase-based MSP engagement plans. Auto-generate from scan data, set billing, and export branded proposals for clients.
No roadmaps yet. Create one to start planning a client compliance engagement.
New Compliance Roadmap
Choose a type and configure the engagement
-
months
-
$/hr
mo
Total Value
-
-
Failing Controls
-
Est. Hours
-
Phases
-
Total Value
No phases yet. Click Auto-Generate to build risk-ranked phases from your current scan findings.
ITDR alerts will appear here when sign-in anomalies or identity-based threats are detected from M365 Entra ID data.
New Alert
Investigation
Unified security posture across AWS, GCP, and Azure cloud environments.
AWS
--
No accounts connected
GCP
--
No accounts connected
Azure
--
No accounts connected
Overall Score
--
Cross-cloud posture
No cloud accounts connected
Add an AWS, GCP, or Azure account to begin cross-cloud security posture assessment against CIS Benchmarks.
Add Cloud Account
AI-powered compliance assistant - ask questions, get remediation guidance, draft policies, and analyze scan results.
🤖 AGENTIC - reads your scan data and can take actions on your behalf
TATER AI Compliance Analyst
I can read your scan results, analyze compliance findings, create risk acceptances, add evidence, assign controls to team members, and trigger remediations.
Use the suggested prompts above or tell me what you need to work on.
Autonomous agent that navigates admin portals to collect evidence for Manual Review controls. Requires TATER Agent installed on a desktop machine.
Total Jobs
0
Running
0
Completed
0
Failed
0
Controls Checked
0
💡 How Evidence Agent works
1. Create a job - select Manual Review controls from your latest scan or pick a job type (Browser or PowerShell).
2. Agent picks it up - TATER Agent on a desktop machine polls for pending jobs every 15 seconds.
3. Browser jobs - agent opens Chrome, prompts you to sign in to M365, then autonomously navigates and screenshots each control area.
4. Findings saved - evidence is posted as comments on each control with compliance labels and screenshots described.
No evidence jobs yet. Create one above to get started.
Evidence Job
New Evidence Job
💻 The TATER Agent on a desktop machine will open a Chrome window and prompt the user to sign in to M365. The agent then autonomously navigates to each required admin portal page to collect evidence. Keep the machine unlocked while the job runs.
📦 The TATER Agent will execute the PowerShell control scripts locally on the agent machine and post findings as evidence comments. No browser required.
Choose the machine that should run this job. For browser jobs, pick a desktop you have access to - Chrome will open there.
Enter one control ID per line. These must match control IDs in your catalog.
Loading manual review controls from latest scan...
Get Started - Implementation Progress
Tracks your TATER configuration end-to-end. Status is detected automatically from system data - finish each step to unlock the full feature set and earn organization achievements.
Setup Progress
-
TATERpedia SHARED
A Wikipedia-style wiki shared across all TATER organizations. Pages cover controls, applications, frameworks, and free-form troubleshooting / diagnostic / remediation topics. Edited by any Auditor+ in any org. Content must be generic - for org-specific configuration use Configuration Documentation, for org-specific decisions use Comments threads.
New Wiki Page
Schedule manual configuration collection tasks for devices that cannot be automatically scanned - firewalls, switches, routers, and more.
Total Sources
0
Due This Week
0
Overdue
0
Uploads This Month
0
Source Name
Device Type
Vendor
Schedule
Assigned To
Next Due
Last Upload
Status
Actions
No collection sources configured
Add a collection source for each device that requires manual configuration auditing - firewalls, managed switches, routers, and other infrastructure that cannot be automatically scanned.
New Collection Source
Link this source to a compliance zone so uploaded configs contribute to zone compliance evaluation.
Step-by-step instructions for the technician collecting this configuration. Supports Markdown.
Upload Configuration
Collection Instructions
Upload History
Clients
Manage client organizations, access tiers, and onboard new clients
Root MSP
TATER Security
Platform-level MSP with visibility into all organizations
-
MSP Orgs
-
Client Orgs
-
Relationships
MSP Organizations
Select an MSP organization to manage its client access
Client Onboarding Checklist
Walk a new client org through the steps required to get them ready for first scan. Tracked per-client; saves automatically when you click Save.
Onboarding Progress
0% (0 / 0)
Licensing
Per-user licensing • All features included • Manage seat limits across client organizations
Feature usage analytics for your organization. SuperAdmins also see cross-tenant traffic, referrers, and per-org breakdown.
Community
My Level
-
My XP
-
Achievements
-
Org Level
-
Org XP
-
Org Achievements
-
My Activity
Top People XP Leaderboard
Recent Achievements
Org Achievements
My Profile
JPEG, PNG, WebP, or GIF only. Max 150 KB. No SVG.
My Achievements
Subscription Management
Manage all client and MSP subscriptions, billing contacts, seat limits, and renewal dates.
Organization
Type
Status
Seats
Monthly Rate
Vault Add-on
Renewal
Billing Contact
Actions
Edit Subscription
MCP Feedback
Every MCP feedback submission across all orgs. Negative entries auto-file ADO bugs and link to the work item. Use to spot pain points and validate fixes.
TATER Tips
A growing library of bite-sized tips covering every TATER capability - each one links you straight to the page it describes. Search, filter by category or difficulty, or just browse.
Achievements
Leaderboard
Implementation Guides
Curated step-by-step guides for common security initiatives - Conditional Access for compliant devices, MFA rollout, DMARC enforcement, BitLocker, PIM for admins, and more. Each guide includes prerequisites, ordered steps with verification criteria, rollback notes, and links to the controls and frameworks they advance. Track completion per organization.
Security Posture
Composite security score across compliance, vulnerabilities, identity threats, and risk acceptance.
Audit Snapshots
Point-in-time compliance freezes for audit periods - lock a snapshot to prevent changes during auditor review.
Total Snapshots
--
Locked
--
Latest Pass Rate
--
Name
Framework
Period
Controls
Pass Rate
Status
Created
Actions
Evidence Freshness
Continuous view of how current each control's evidence is. Surfaces controls whose scan evidence has gone stale and risk acceptances / manual verifications that are expiring — so you re-evidence before an auditor (or a lapse) catches it.
Auditor Access
Generate expiring read-only access tokens for external auditors - no account required.
Auditors visit: https://app.tatersecurity.com/auditor/{token} - read-only view of controls, overrides, and evidence.
Auditor
Email
Framework
Expires
Accesses
Status
Created
Actions
Report Distribution
Schedule automated compliance report emails to stakeholders. Requires SMTP configured in Integrations. For the full report catalog with XLSX/PDF export, custom datasets, and recurring delivery, use TATER Insights › Scheduled Reports.
Create Audit Snapshot
Captures current compliance state as a point-in-time reference.
Generate Auditor Token
Creates a read-only expiring access link for an external auditor.
New Report Schedule
Configure Integration
Notification Rule
Send notifications when events occur
New Task
Create or edit a task, incident, finding, or action item
Linked Items (optional)
Notification Preview
Sample notification email
Add Client Access
Define the access tier this MSP org has for the selected client
Select an organization to grant access to
Onboard New Client
Quick setup for a new client organization
1 Organization
2 Members
3 Configuration
4 Review
Add team members who will access TATER for this client.
Select frameworks and scanning configuration for this client.
Resource Detail
Add Control
Script Stub Generator
Generates a ready-to-edit .ps1 from this catalog entry
Remediation & Guidance
Time Estimates & Relations
Government Cloud Guidance - GCC High / DoD variants (optional)
For controls that have different remediation steps, audit URLs, or PowerShell flags in GCC High or DoD tenants, populate the variant guidance below. Customers operating in those clouds will see this alongside the standard remediation. Leave blank if the standard guidance applies as-is.
DoD tier - only fill in if DoD-specific guidance differs from GCC High. If left blank, GCC High guidance applies to DoD as well.
Assign Control
Run Automated Remediation
Queued · Downloading · Connecting · Executing · Reporting
Respond to Control
Evidence & Documentation
Override Status
All Scans (Global)
Edit Compliance Zone
Add Device
Edit Item
Manage Devices
Device Types
Custom device types appear in the Type dropdown when adding devices. Built-in types (workstation, server, firewall, switch, router) are always available.
Hardware Catalog (Manufacturer | Product Family → Model)
Hierarchical: product families belong to a manufacturer, models belong to a product family.
Manufacturers
Product Families
Models
Upload Policy Document
Upload an existing policy file. The document will be stored with your metadata and accessible from the Policy Library.
Click to select or drag & drop a file
PDF, DOCX, PPTX, TXT, MD - max 50 MB
Request Policy Sign-off
🔗 Sign link active
Search contacts by department, team, or role to add a group.
If no required signers are specified, anyone with the link can sign.
Pending signers will receive reminder emails at the selected frequency.
Policy Signatures
Add Policy
📎 Have an existing file (PDF, DOCX, pen test report, insurance cert)?
📖 TATERpedia SHARED
✎ Policy Sign-off
Policy Template Library
Choose a template to create a new policy. Templates include best-practice content and customizable variables.
No templates match your filters
Try adjusting your search or filter criteria.
Configure Template
New Group
Assign People to Group
⌨ Keyboard Shortcuts
Navigation
G → D
Dashboard
G → C
Controls
G → S
Scans
G → P
People
G → R
Risk Register
G → E
Exceptions
G → A
Audits
G → T
Tasks
G → V
Vendors
G → Q
Questionnaires
G → F
Frameworks
G → M
Machines / Fleet
G → X
AI Assistant
G → W
Compliance Roadmap
G → Y
Policy Library
GRC Modules
G → B
BCP / DR
G → N
Regulatory Changes
G → O
Overrides / Risk Acceptance
G → H
Change Control
G → I
Training Campaigns
G → L
Data Classification
G → K
Control Testing
Actions
Ctrl+K
Open search
/
Open search
?
This shortcut guide
Esc
Close modal / overlay
N
New item on current page
Press G then a letter within 1.2 seconds to navigate. Shortcuts are disabled when an input is focused.
Import Controls from CSV
Upload a CSV file with control definitions.
No file selected
Preview
Add Compliance Standard
Add Framework
Submit an Idea
Share your feature request or improvement suggestion.