This control plane turns raw Microsoft Graph Intune exports into a buyer-readable endpoint posture surface for platform, security, and IT operations teams: noncompliant devices, stale sync risk, encryption gaps, rooted BYOD devices, and the remediation packet needed before access and rollout windows break.

| Device | Owner | State | OS | Findings | Next action |
|---|---|---|---|---|---|
| exec-win-01; Executive endpoints; Lead laptop / privileged operator endpoint | Executive IT | compliant | Windows | 0 | Preserve green posture and archive current compliance proof for the next audit packet. Healthy company-owned Windows endpoint used as the baseline control lane. |
| sales-ios-02; Mobile sales fleet; Revenue-critical iPhone for traveling seller | Sales Operations IT | noncompliant | iOS | 2 | Clear noncompliance and raise iOS version before the next travel launch window. Noncompliant iOS posture creates immediate access and rollout risk. |
| byod-android-07; Personal Android / BYOD; Personal Android under corporate policy scope | BYOD Governance | compliant | Android | 2 | Review root/jailbreak posture and confirm BYOD policy boundaries before allowing continued access. BYOD scope is active, but the device is rooted and needs immediate operator review. |
| finance-mbp-04; Finance workstation fleet; MacBook handling finance workflows and approvals | Finance Platform Support | compliant | macOS | 2 | Restore encryption and re-establish sync hygiene before the next finance close period. Encryption gap and stale sync make this the highest evidence-risk device in the sample. |
| shared-kiosk-east; Shared kiosk / frontline device; Shared kiosk without named user mapping | Storefront Operations | inGracePeriod | Windows | 2 | Attach ownership, resolve grace-period posture, and keep kiosk access from drifting into blind spots. Shared kiosk is close to flipping noncompliant and has no attached user. |