Back to blog

IT Device Audit: A Fleet Audit System as a One-Click Project Template

July 9, 20266 min
Device & Data

IT Device Audit is a battle-tested fleet audit system packaged as an OpenTechnologyApp project template. It started life as a Google Sheet + Apps Script reconciling a real ~145-device healthcare fleet — JumpCloud against SentinelOne, browser management, and asset inventory — and now ships as three queues, working automations, and step-by-step remediation playbooks you can import in one click.

The template directory is going open source on GitHub — watch the org for the repo.

What it catches

Every check the original system ran weekly (or continuously) becomes a tracked item with a Run Status and flagged count:

  • T1 — Security blockers: devices missing the EDR agent, EDR ghosts not in MDM, critical health flags from device-side telemetry, Microsoft-account policy violations
  • T2 — Operational hygiene: stale devices (14-day warning band, 30-day action band), outdated OS, high uptime, hostname drift, browser-OU drift, Windows Update + Lenovo updater backlog
  • T3 — Inventory completeness: orphaned devices, multi-device users, agent version drift, asset-inventory add/remove, unactivated users

Three queues, one system

QueueWhat lives there
Device InventoryOne item per device — serial, platform, agent versions, health status, days silent, decommission checkboxes
Audit ChecksOne item per check metric, grouped by tier, with cadence + Run Status + flagged count
Remediation CommandsThe MDM commands (EDR install/reconnect, hostname rename, compliance enforcement) as fireable, tracked items

Automations that do real work

No advisory-comment fluff. When a device's EDR status flips to Missing, it goes urgent and lands in the P1 tier. When a check passes, it closes itself. When a returned device is marked wiped, the decommission item closes. Optional webhook automations fire MDM remediation commands directly or DM your Slack channel about a stale device — shipped disabled until you've trusted a full cycle (the dry-run discipline the original system ran on).

Playbooks: the triage workflow, encoded

Eleven runbooks auto-attach to matching item types:

  • EDR gap — install vs. reconnect, per platform, with a verify step
  • Stale device — confirm the user is active, reconnect or route to decommission
  • Decommission — the four-system teardown (MDM, EDR, asset inventory, browser record), each step flipping a checkbox
  • MS Account Compliance / Agent Versions / User Comms / Orphaned Devices — the weekly P1–P7 triage priorities as guided steps, Slack templates included
  • Webhook redeploy runbook and a provider-swap checklist — the hard-won operational lessons, so the next admin doesn't relearn them

Connected to your fleet, not just describing it

Two included scripts wire the template to real infrastructure:

  • jumpcloud-sync.js — cron script that pulls devices from the JumpCloud API and upserts inventory items with days-silent math and status routing
  • device-post-ingest.js — an inbound webhook that accepts the device-side telemetry POSTs (Windows health, Mac health, network, MS compliance — all four payload contracts), evaluates critical flags, and updates devices in place

The MDM layer is deliberately swappable: the sync script is the only JumpCloud-specific piece. Point it at Kandji, Intune, or Mosyle by mapping their API into the same normalized device shape — checks, dashboards, and playbooks don't change.

Get it

Import IT Device Audit from the template picker in OpenTechnologyApp — it's built in. The standalone template files (JSON + scripts + runbooks) are heading to the OpenTechnology14 GitHub org as an open-source directory.

Get in Touch

Interested in a topic? Drop a note and select a category. I'm also available for a free consultation meeting — reach out and we'll set something up.