Device Management (MDM)
Introduction
The Devices module provides comprehensive endpoint management for your organization. Enroll devices, deploy security policies, scan for vulnerabilities, and ensure device compliance.
Key Features
Device Enrollment
Enroll Windows, macOS, and Linux devices with the Bastion agent
Security Checks
Monitor device compliance with security policies
Vulnerability Scanning
Continuous scanning for software vulnerabilities
MDM Query
Run osquery queries for detailed device interrogation
Why Device Management?
Endpoint Security Challenges
- Remote Work - Devices outside corporate network
- BYOD - Personal devices accessing corporate data
- Patch Management - Keeping software updated
- Compliance - Enforcing security baselines
Benefits
- Visibility into all endpoints
- Consistent security configurations
- Rapid vulnerability response
- Compliance evidence generation
Module Components
Device List
Central inventory of all enrolled devices:
- Device details and specifications
- Compliance status
- Security posture
- Last check-in time
Security Checks
Compliance policies for security enforcement:
- Device compliance monitoring
- Passing, failing, and unknown device states
- Policy-level compliance tracking
- Remediation guidance
Software
Software inventory and MCP configuration monitoring:
- Installed software across all devices
- Vulnerability tracking per software title
- MCP server configuration detection
- Security issue identification
Vulnerabilities
Continuous vulnerability monitoring:
- CVE detection
- Severity scoring
- Remediation guidance
- Patch tracking
MDM Query
Advanced device interrogation:
- osquery interface
- Real-time queries
- Saved query library
- Query scheduling
Supported Platforms
| Platform | Agent | Features |
|---|---|---|
| Windows 10/11 | Full | All features |
| macOS | Full | All features |
| Linux | Partial | Inventory, vulnerabilities |
| iOS | MDM | Configuration profiles |
| Android | MDM | Configuration profiles |
Getting Started
Download Agent
Download the Bastion agent for your platform.
Install on Devices
Deploy the agent to endpoints.
Create Policies
Define security policies for your environment.
Assign Policies
Apply policies to device groups.
Monitor Compliance
Track device compliance in the dashboard.
Related Modules
- Web Browsing Security -- DNS filtering and browser extensions for enrolled devices
- Security Awareness Training -- Train employees alongside endpoint management
- Compliance Frameworks -- Device policies generate evidence for SOC 2 and ISO 27001
Device Dashboard
Key Metrics
| Metric | Description |
|---|---|
| Total Devices | Enrolled device count |
| Compliant | Devices meeting policy |
| Non-Compliant | Devices failing policy |
| Vulnerable | Devices with vulnerabilities |
| Offline | Devices not checking in |
Quick Actions
- Enroll new device
- Run compliance scan
- Deploy policy update
- Export device report
Best Practices
Start with Visibility
Focus on enrollment first. You can't secure what you can't see.
Roll Out Policies Gradually
Roll out policies in stages. Start with monitoring, then move to enforcement.
Prioritize Vulnerabilities
Focus on critical and exploited vulnerabilities first.
Regular Check-ins
Ensure devices check in regularly. Stale data indicates problems.