This control plane turns raw Microsoft Graph Intune exports into a buyer-readable endpoint posture surface for platform, security, and IT operations teams: noncompliant devices, stale sync risk, encryption gaps, rooted BYOD devices, and the remediation packet needed before access and rollout windows break.
| Risk | Owner | Device | OS | Message |
|---|---|---|---|---|
| high noncompliant-device |
Sales Operations IT | sales-ios-02 brooke.sales@kineticgain.example |
iOS noncompliant |
Device is noncompliant. |
| high jailbroken-device |
BYOD Governance | byod-android-07 casey.ops@kineticgain.example |
Android compliant |
Device is jailbroken / rooted. |
| high missing-encryption |
Finance Platform Support | finance-mbp-04 drew.finance@kineticgain.example |
macOS compliant |
Disk encryption is not enabled. |
| high stale-checkin |
Finance Platform Support | finance-mbp-04 drew.finance@kineticgain.example |
macOS compliant |
Last Intune sync 47 day(s) ago. |
| medium outdated-os-version |
Sales Operations IT | sales-ios-02 brooke.sales@kineticgain.example |
iOS noncompliant |
iOS 15.6 is below the minimum 17.0. |
| medium in-grace-period |
Storefront Operations | shared-kiosk-east — |
Windows inGracePeriod |
Device is in compliance grace period; will flip noncompliant if not remediated. |
| medium orphaned-device |
Storefront Operations | shared-kiosk-east — |
Windows inGracePeriod |
Enrolled device has no associated user. |
| info personal-device-with-corporate-policy |
BYOD Governance | byod-android-07 casey.ops@kineticgain.example |
Android compliant |
Personal (BYOD) device is under corporate compliance policy — confirm MAM/MDM scope. |