Overview

The devices module provides a centralized inventory of all employee devices (laptops, desktops, mobile phones, and tablets) with real-time compliance monitoring. Track encryption status, antivirus coverage, firewall settings, screen lock configuration, and MDM enrollment to ensure endpoint security controls are met across your compliance frameworks.

Device Inventory

The device inventory displays all registered devices in a searchable, filterable table with key compliance indicators visible at a glance.

Device Properties

FieldDescription
Device NameFriendly name for the device
Device TypeLaptop, Desktop, Mobile, or Tablet
ManufacturerDevice manufacturer (Apple, Dell, Lenovo, etc.)
ModelSpecific model name or number
Serial NumberUnique hardware serial number
Machine IDSystem-assigned machine identifier
OS NameOperating system (macOS, Windows, iOS, Android, Linux)
OS VersionOperating system version number
Assigned ToThe employee this device is assigned to
StatusCurrent device status
Compliance StatusWhether the device meets security requirements
Last Check-InMost recent device check-in timestamp

Device Types

Laptop

Portable computers issued to employees for daily work.

Desktop

Stationary workstations in office environments.

Mobile

Smartphones used for work email, Slack, and corporate apps.

Tablet

Tablets used for presentations, fieldwork, or executive use.

Device Statuses

StatusDescription
AssignedDevice is actively assigned to an employee
UnassignedDevice is in inventory but not assigned
LostDevice has been reported lost
StolenDevice has been reported stolen
RetiredDevice has been decommissioned
In RepairDevice is being serviced
Pending ReturnEmployee has departed and device is awaiting return
Lost or stolen devices containing company data must be reported immediately. If the device is encrypted and MDM-enrolled, a remote wipe can be initiated to protect sensitive information.

Compliance Monitoring

Each device is evaluated against a set of security compliance checks:
CheckDescriptionWhy It Matters
EncryptionFull-disk encryption enabled (FileVault, BitLocker)Protects data at rest if the device is lost or stolen
AntivirusAntivirus software installed and runningDetects and prevents malware infections
FirewallSystem firewall enabledBlocks unauthorized network connections
Screen LockAutomatic screen lock configuredPrevents unauthorized physical access
MDM EnrolledDevice enrolled in Mobile Device ManagementEnables remote management, configuration, and wipe

Compliance Status

Based on the compliance checks, each device receives an overall compliance status:
StatusDescription
CompliantAll security checks pass
Non-CompliantOne or more security checks fail
PendingCompliance status has not yet been evaluated
UnknownDevice has not checked in recently enough to determine status
Filter the device list by Non-Compliant status to quickly identify devices that need remediation. Address these devices first to improve your overall endpoint security posture.

Registering Devices

1

Navigate to Devices

Go to Personnel > Devices to access the device inventory.
2

Click Add Device

Click the Add Device button to open the registration form.
3

Enter Device Details

Fill in the device properties:
  • Device name, type, manufacturer, and model
  • Serial number and machine ID
  • Operating system and version
  • Assign to an employee (optional)
  • Set initial compliance check values
4

Save

Save the device record. It appears in the inventory and begins compliance tracking.

Device Sync

If your organization uses an MDM solution (Jamf, Intune, Kandji, etc.) connected through LowerPlane integrations, device data can be synced automatically.

Sync Options

  • Sync Individual Device — refresh data for a single device from the MDM provider
  • Sync All Devices — bulk refresh all device data from connected integrations
Automatic sync imports device properties, compliance check values, and last check-in timestamps directly from your MDM provider, eliminating manual data entry.

Additional Device Metadata

Beyond compliance checks, the device inventory tracks:
FieldDescription
MAC AddressNetwork interface hardware address
Last IP AddressMost recent IP address observed
Battery HealthBattery health percentage (for portable devices)
Compliance IssuesList of specific compliance failures
Assigned DateWhen the device was assigned to the current employee

Exporting Device Data

Export the device inventory to CSV for reporting, asset management, or insurance purposes. The export includes all device properties and compliance status fields.

Device Lifecycle

1

Procurement

New devices are purchased and entered into the inventory with Unassigned status.
2

Assignment

Devices are assigned to employees. The assigned date and employee are recorded.
3

Active Use

Devices are monitored for compliance during active use. Check-ins update the compliance status regularly.
4

Return or Decommission

When an employee departs, the device is marked as Pending Return. After collection and data wipe, it is either reassigned or Retired.

Compliance Mapping

Device management supports endpoint security controls:
FrameworkControlRequirement
ISO 27001A.8.1Asset inventory and ownership
ISO 27001A.11.2Equipment security
SOC 2CC6.7Restrict transmission and movement of information
HIPAA164.310(d)(1)Device and media controls
PCI-DSS5.1Anti-virus software on all systems
PCI-DSS9.9Protect devices that capture payment card data

Best Practices

  • Enroll all devices in MDM to enable remote management, configuration enforcement, and remote wipe capability
  • Require full-disk encryption on all devices — this is a baseline control for every compliance framework
  • Set auto-lock timers to 5 minutes or less for all devices
  • Monitor check-in freshness — devices that have not checked in recently may be lost, stolen, or non-functional
  • Run compliance reports monthly and follow up on non-compliant devices within 7 days
  • Wipe devices before reassignment to prevent data leakage between employees