> This is really normal for most small companies with good security posture, honestly. The company will pick one platform where endpoint management is functional, and require it. Code and secrets can't live on machines without endpoint management.
What is "endpoint management," in layman's terms? My corporate laptop has 2 different "endpoint manager" applications running (and about 30 scripts that run in task manager). What are these things doing for them?
Endpoint management are backdoors that allow IT to monitor every file on disk, every network connection opened, every program run, and every action taken on a company-owned workstation, as well as allowing full control over the system including installing and removing programs; creating, editing, and deleting files; viewing what's happening on the screen; and shutting things down entirely if desired.
Piecemeal response, but endpoint managers are really there to ensure:
1) That the device is compliant with whatever security standards (AV is running, no weird user accounts that are admins etc;)
2) That if the machine is lost || fails to check in: it is wiped.
3) That if security standards change; those changes can be rolled out.
4) That activity on the device is somewhat logged, not to great extent but: Login Events (and what factor was used), if Admin elevation was called; if a strange executable was executed. etc; These logs are only useful in certain circumstances and I've never seen anyone actually use them outside of arbitration.
What is "endpoint management," in layman's terms? My corporate laptop has 2 different "endpoint manager" applications running (and about 30 scripts that run in task manager). What are these things doing for them?