Device Security Checks
Overview
Security Checks let you monitor and enforce compliance policies across your device fleet. Each check evaluates devices against a specific security requirement and reports their compliance status.
Security Checks Table
Navigate to Devices → Security Checks to view all compliance policies.
The table displays the following information for each check:
| Column | Description |
|---|---|
| Check | Name of the compliance policy |
| Passed Devices | Number of devices that meet the requirement |
| Failed Devices | Number of devices that do not meet the requirement |
| Unknown Devices | Number of devices where compliance could not be determined |
You can search checks by name using the search bar.
Compliance States
Each device is evaluated against every applicable check:
| State | Meaning |
|---|---|
| Passed | Device meets the policy requirement |
| Failed | Device does not meet the requirement |
| Unknown | Compliance status could not be determined |
Viewing Check Details
Click on any security check row to open the policy details modal. This shows:
- The full policy definition
- List of devices in each compliance state
- Device-level details for remediation
Check Types
Security checks can cover a wide range of compliance requirements:
- Operating system version
- Disk encryption enabled
- Firewall enabled
- Screen lock configured
- Antivirus installed
- Latest patches applied
- No prohibited software
Security Checks require the Bastion agent. If your organization uses a different agent type, this feature will be available soon.
Best Practices
Prioritize Failed Checks
Focus on checks with the most failed devices first to improve your overall security posture.
Investigate Unknown States
Unknown states may indicate devices that are offline or not reporting correctly.
Use for Audit Evidence
Security check results serve as compliance evidence for frameworks like SOC 2 and ISO 27001.